# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
24401 |
CVE-2017-6194 |
119 |
|
DoS Overflow |
2017-04-03 |
2017-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. |
24402 |
CVE-2017-6193 |
119 |
|
DoS Exec Code Overflow |
2018-02-20 |
2018-03-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk. |
24403 |
CVE-2017-6192 |
119 |
|
DoS Exec Code Overflow |
2018-02-20 |
2018-03-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor. |
24404 |
CVE-2017-6191 |
119 |
|
Exec Code Overflow |
2017-03-23 |
2017-03-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename. |
24405 |
CVE-2017-6190 |
22 |
|
Dir. Trav. |
2017-04-10 |
2017-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. |
24406 |
CVE-2017-6189 |
426 |
|
Exec Code |
2017-03-15 |
2017-03-24 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer. |
24407 |
CVE-2017-6188 |
20 |
|
|
2017-02-22 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. |
24408 |
CVE-2017-6184 |
77 |
|
|
2017-03-30 |
2017-04-04 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. |
24409 |
CVE-2017-6183 |
77 |
|
|
2017-03-30 |
2017-04-04 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. |
24410 |
CVE-2017-6181 |
20 |
|
DoS |
2017-04-03 |
2017-04-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. |
24411 |
CVE-2017-6180 |
352 |
|
CSRF |
2017-03-13 |
2017-03-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). |
24412 |
CVE-2017-6178 |
476 |
|
+Priv |
2017-03-20 |
2017-03-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. |
24413 |
CVE-2017-6169 |
20 |
|
|
2018-02-06 |
2018-03-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization. |
24414 |
CVE-2017-6168 |
203 |
|
|
2017-11-17 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. |
24415 |
CVE-2017-6166 |
415 |
|
|
2017-11-22 |
2017-12-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device. |
24416 |
CVE-2017-6165 |
532 |
|
|
2017-10-20 |
2017-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. |
24417 |
CVE-2017-6164 |
20 |
|
Exec Code |
2017-12-21 |
2018-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. |
24418 |
CVE-2017-6163 |
119 |
|
Overflow |
2017-10-27 |
2017-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed. |
24419 |
CVE-2017-6162 |
119 |
|
Overflow |
2017-10-27 |
2017-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device. |
24420 |
CVE-2017-6161 |
400 |
|
Bypass |
2017-10-27 |
2017-11-16 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion. |
24421 |
CVE-2017-6160 |
|
|
|
2017-10-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable. |
24422 |
CVE-2017-6159 |
|
|
DoS |
2017-10-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic. |
24423 |
CVE-2017-6158 |
|
|
|
2018-04-13 |
2019-10-02 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses. |
24424 |
CVE-2017-6157 |
|
|
Exec Code |
2017-10-27 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. |
24425 |
CVE-2017-6156 |
|
|
|
2018-04-13 |
2019-10-02 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration. |
24426 |
CVE-2017-6155 |
|
|
|
2018-04-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. |
24427 |
CVE-2017-6154 |
20 |
|
|
2018-03-01 |
2018-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. |
24428 |
CVE-2017-6153 |
400 |
|
|
2018-06-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. |
24429 |
CVE-2017-6152 |
269 |
|
|
2018-03-08 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. |
24430 |
CVE-2017-6148 |
20 |
|
|
2018-04-13 |
2018-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not impacted by this vulnerability. |
24431 |
CVE-2017-6147 |
|
|
|
2017-09-18 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. |
24432 |
CVE-2017-6144 |
295 |
|
+Priv |
2017-10-20 |
2017-11-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected. |
24433 |
CVE-2017-6143 |
295 |
|
|
2018-04-13 |
2018-05-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5. |
24434 |
CVE-2017-6142 |
295 |
|
|
2018-01-19 |
2018-02-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. |
24435 |
CVE-2017-6141 |
20 |
|
|
2017-10-20 |
2017-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default. |
24436 |
CVE-2017-6140 |
20 |
|
|
2017-12-21 |
2018-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services. |
24437 |
CVE-2017-6139 |
532 |
|
|
2017-12-21 |
2019-04-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. |
24438 |
CVE-2017-6138 |
20 |
|
|
2017-12-21 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. |
24439 |
CVE-2017-6137 |
|
|
|
2017-05-09 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. |
24440 |
CVE-2017-6136 |
20 |
|
|
2017-12-21 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM). |
24441 |
CVE-2017-6134 |
20 |
|
|
2017-12-21 |
2018-01-11 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. |
24442 |
CVE-2017-6132 |
20 |
|
|
2017-12-21 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart. |
24443 |
CVE-2017-6130 |
918 |
|
Bypass |
2017-04-06 |
2017-04-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. |
24444 |
CVE-2017-6128 |
|
|
|
2017-05-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. |
24445 |
CVE-2017-6127 |
352 |
|
CSRF |
2017-02-21 |
2017-03-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. |
24446 |
CVE-2017-6104 |
287 |
|
|
2017-03-02 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. |
24447 |
CVE-2017-6103 |
79 |
|
XSS |
2017-03-02 |
2018-05-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. |
24448 |
CVE-2017-6102 |
79 |
|
XSS |
2017-03-02 |
2017-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. |
24449 |
CVE-2017-6100 |
668 |
|
|
2017-02-23 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. |
24450 |
CVE-2017-6099 |
79 |
|
XSS |
2017-02-23 |
2017-03-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. |