CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1801 CVE-2017-10820 426 +Priv 2017-08-04 2017-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1802 CVE-2017-10812 426 +Priv 2017-08-28 2017-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1803 CVE-2017-10784 287 Exec Code 2017-09-19 2018-10-31
9.3
None Remote Medium Not required Complete Complete Complete
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
1804 CVE-2017-10700 77 Exec Code 2017-09-19 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.
1805 CVE-2017-10622 264 Bypass 2017-10-13 2017-11-02
10.0
None Remote Low Not required Complete Complete Complete
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher.
1806 CVE-2017-10601 287 2017-07-17 2017-07-26
10.0
None Remote Low Not required Complete Complete Complete
A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2.
1807 CVE-2017-9970 434 Exec Code 2018-02-12 2018-03-09
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution.
1808 CVE-2017-9944 284 2017-12-27 2018-01-17
10.0
Admin Remote Low Not required Complete Complete Complete
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.
1809 CVE-2017-9861 74 2017-08-05 2017-08-21
9.0
None Remote Low Not required Partial Partial Complete
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
1810 CVE-2017-9860 284 2017-08-05 2017-08-21
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
1811 CVE-2017-9828 77 Exec Code 2017-06-23 2017-07-05
10.0
None Remote Low Not required Complete Complete Complete
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
1812 CVE-2017-9811 20 2017-07-17 2017-08-11
10.0
None Remote Low Not required Complete Complete Complete
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
1813 CVE-2017-9807 94 Exec Code 2017-06-21 2017-10-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
1814 CVE-2017-9772 264 Exec Code 2017-06-23 2017-10-09
10.0
None Remote Low Not required Complete Complete Complete
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.
1815 CVE-2017-9769 264 2017-08-02 2017-08-11
10.0
None Remote Low Not required Complete Complete Complete
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
1816 CVE-2017-9725 264 2017-09-21 2018-04-18
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
1817 CVE-2017-9724 264 2017-09-21 2017-09-26
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
1818 CVE-2017-9685 416 2017-08-18 2017-08-26
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
1819 CVE-2017-9678 119 Overflow Mem. Corr. 2017-08-18 2017-08-21
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().
1820 CVE-2017-9648 427 Exec Code 2017-08-14 2017-08-24
9.3
None Remote Medium Not required Complete Complete Complete
An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
1821 CVE-2017-9646 427 Exec Code 2017-08-14 2017-08-24
9.3
None Remote Medium Not required Complete Complete Complete
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
1822 CVE-2017-9638 119 DoS Exec Code Overflow 2018-04-17 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
1823 CVE-2017-9636 119 DoS Exec Code Overflow 2018-04-17 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
1824 CVE-2017-9634 787 DoS Exec Code 2018-04-17 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
1825 CVE-2017-9629 119 Exec Code Overflow 2017-07-07 2017-07-13
10.0
None Remote Low Not required Complete Complete Complete
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.
1826 CVE-2017-9542 287 Bypass 2017-06-11 2017-06-22
10.0
None Remote Low Not required Complete Complete Complete
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.
1827 CVE-2017-9483 264 2017-07-30 2017-08-02
10.0
Admin Remote Low Not required Complete Complete Complete
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands.
1828 CVE-2017-9482 264 2017-07-30 2017-08-02
10.0
Admin Remote Low Not required Complete Complete Complete
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session.
1829 CVE-2017-9479 264 Exec Code 2017-07-30 2017-08-02
10.0
Admin Remote Low Not required Complete Complete Complete
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem.
1830 CVE-2017-9462 264 Exec Code 2017-06-06 2018-07-06
9.0
Admin Remote Low Single system Complete Complete Complete
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
1831 CVE-2017-9377 77 2017-10-30 2017-11-21
9.0
None Remote Low Single system Complete Complete Complete
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.
1832 CVE-2017-9328 77 Exec Code 2017-09-15 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.
1833 CVE-2017-9286 264 2018-03-01 2018-03-21
9.0
None Remote Low Single system Complete Complete Complete
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
1834 CVE-2017-9279 20 Exec Code 2018-03-02 2018-03-22
9.0
None Remote Low Single system Complete Complete Complete
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
1835 CVE-2017-9274 77 Exec Code 2018-03-01 2018-03-22
9.3
None Remote Medium Not required Complete Complete Complete
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
1836 CVE-2017-9232 264 2017-05-27 2018-02-14
10.0
None Remote Low Not required Complete Complete Complete
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
1837 CVE-2017-9135 74 Exec Code 2017-05-21 2017-05-26
9.0
Admin Remote Low Single system Complete Complete Complete
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that does not properly sanitize user input, allowing an attacker to execute shell commands as the root user.
1838 CVE-2017-9133 74 Exec Code 2017-05-21 2017-05-26
9.0
Admin Remote Low Single system Complete Complete Complete
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user.
1839 CVE-2017-9078 415 Exec Code 2017-05-19 2017-11-03
9.3
Admin Remote Medium Not required Complete Complete Complete
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
1840 CVE-2017-9073 119 Exec Code Overflow 2017-05-18 2017-05-31
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.
1841 CVE-2017-9034 20 Exec Code 2017-05-25 2017-06-01
10.0
None Remote Low Not required Complete Complete Complete
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
1842 CVE-2017-9001 254 Exec Code 2018-08-06 2018-10-18
9.3
None Remote Medium Not required Complete Complete Complete
Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.
1843 CVE-2017-8984 Exec Code 2018-02-15 2018-03-06
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.
1844 CVE-2017-8983 20 Exec Code 2018-02-15 2018-03-06
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
1845 CVE-2017-8981 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.
1846 CVE-2017-8976 20 Exec Code 2018-02-15 2018-03-09
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
1847 CVE-2017-8975 20 Exec Code 2018-02-15 2018-03-09
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
1848 CVE-2017-8967 502 2018-02-15 2018-02-24
9.0
None Remote Low Single system Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1849 CVE-2017-8966 502 2018-02-15 2018-02-24
9.0
None Remote Low Single system Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1850 CVE-2017-8965 502 2018-02-15 2018-02-24
9.0
None Remote Low Single system Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.