CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2851 CVE-2017-3542 DoS 2017-04-24 2019-10-02
9.0
None Remote Low Not required Complete Partial Partial
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).
2852 CVE-2017-3230 DoS 2017-04-24 2019-10-02
9.0
None Remote Low Not required Partial Complete Partial
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).
2853 CVE-2017-3222 798 Exec Code +Priv 2017-07-22 2017-10-28
10.0
None Remote Low Not required Complete Complete Complete
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
2854 CVE-2017-3217 306 2018-07-24 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
CalAmp LMU 3030 series OBD-II CDMA and GSM devices have an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected; otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords.
2855 CVE-2017-3216 306 Bypass 2017-06-19 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
2856 CVE-2017-3198 311 2018-07-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
2857 CVE-2017-3197 20 2018-07-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
2858 CVE-2017-3195 119 Exec Code Overflow 2017-12-15 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.
2859 CVE-2017-3189 434 Exec Code 2018-07-24 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle contains. This vulnerability combined with the path traversal vulnerability (CVE-2017-3188) can lead to remote command execution with the permissions of the user running the dotCMS application. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application.
2860 CVE-2017-3186 798 2017-12-15 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.
2861 CVE-2017-3184 798 DoS 2017-12-15 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).
2862 CVE-2017-3134 20 +Priv 2017-05-26 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.
2863 CVE-2017-3124 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution.
2864 CVE-2017-3123 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution.
2865 CVE-2017-3121 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution.
2866 CVE-2017-3120 416 Exec Code 2017-08-11 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution.
2867 CVE-2017-3117 119 Exec Code Overflow 2017-08-11 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution.
2868 CVE-2017-3116 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution.
2869 CVE-2017-3114 125 2017-12-09 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
2870 CVE-2017-3113 416 Exec Code 2017-08-11 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution.
2871 CVE-2017-3112 125 2017-12-09 2018-01-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
2872 CVE-2017-3106 704 Exec Code 2017-08-11 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
2873 CVE-2017-3099 119 Exec Code Overflow Mem. Corr. 2017-07-17 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.
2874 CVE-2017-3098 20 Exec Code 2017-06-20 2017-07-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
2875 CVE-2017-3097 427 Exec Code 2017-06-20 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
2876 CVE-2017-3096 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code execution.
2877 CVE-2017-3095 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution.
2878 CVE-2017-3094 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution.
2879 CVE-2017-3093 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the bitmap representation module. Successful exploitation could lead to arbitrary code execution.
2880 CVE-2017-3092 427 Exec Code 2017-06-20 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
2881 CVE-2017-3090 427 Exec Code 2017-06-20 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
2882 CVE-2017-3089 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution.
2883 CVE-2017-3088 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution.
2884 CVE-2017-3086 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
2885 CVE-2017-3084 416 Exec Code 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution.
2886 CVE-2017-3083 416 Exec Code 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.
2887 CVE-2017-3082 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution.
2888 CVE-2017-3081 416 Exec Code 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution.
2889 CVE-2017-3079 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.
2890 CVE-2017-3078 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.
2891 CVE-2017-3077 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.
2892 CVE-2017-3076 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.
2893 CVE-2017-3075 416 Exec Code 2017-06-20 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionScript 2 XML class. Successful exploitation could lead to arbitrary code execution.
2894 CVE-2017-3074 119 Exec Code Overflow Mem. Corr. 2017-05-09 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.
2895 CVE-2017-3073 416 Exec Code Mem. Corr. 2017-05-09 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
2896 CVE-2017-3072 119 Exec Code Overflow Mem. Corr. 2017-05-09 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
2897 CVE-2017-3071 416 Exec Code 2017-05-09 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
2898 CVE-2017-3070 119 Exec Code Overflow Mem. Corr. 2017-05-09 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
2899 CVE-2017-3069 119 Exec Code Overflow Mem. Corr. 2017-05-09 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
2900 CVE-2017-3068 119 Exec Code Overflow Mem. Corr. 2017-05-09 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.