CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4501 CVE-2017-13162 2017-12-06 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036.
4502 CVE-2017-13160 125 Exec Code 2017-12-06 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.
4503 CVE-2017-13151 682 Exec Code 2017-12-06 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.
4504 CVE-2017-13090 119 Overflow 2017-10-27 2017-12-30
9.3
None Remote Medium Not required Complete Complete Complete
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
4505 CVE-2017-13089 119 Overflow 2017-10-27 2017-12-30
9.3
None Remote Medium Not required Complete Complete Complete
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.
4506 CVE-2017-13070 426 Exec Code 2017-12-11 2017-12-26
9.3
None Remote Medium Not required Complete Complete Complete
A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.
4507 CVE-2017-12945 78 Exec Code 2019-11-27 2019-12-04
9.0
None Remote Low ??? Complete Complete Complete
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.
4508 CVE-2017-12928 798 2017-09-21 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.
4509 CVE-2017-12904 943 Exec Code 2017-08-23 2020-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
4510 CVE-2017-12815 22 Dir. Trav. 2018-03-26 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet.
4511 CVE-2017-12796 502 Exec Code 2017-10-23 2017-11-21
10.0
None Remote Low Not required Complete Complete Complete
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request.
4512 CVE-2017-12787 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
4513 CVE-2017-12786 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
4514 CVE-2017-12785 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
4515 CVE-2017-12763 276 +Priv 2017-08-29 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
4516 CVE-2017-12762 119 Overflow 2017-08-09 2018-04-06
10.0
None Remote Low Not required Complete Complete Complete
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
4517 CVE-2017-12739 1188 Exec Code 2017-11-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.
4518 CVE-2017-12708 119 Exec Code Overflow 2017-08-30 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.
4519 CVE-2017-12636 78 Exec Code 2017-11-14 2019-05-13
9.0
None Remote Low ??? Complete Complete Complete
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
4520 CVE-2017-12635 269 Exec Code 2017-11-14 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
4521 CVE-2017-12581 78 Exec Code Bypass 2017-08-06 2017-08-14
9.3
None Remote Medium Not required Complete Complete Complete
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call.
4522 CVE-2017-12577 798 Exec Code 2018-08-24 2018-11-05
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
4523 CVE-2017-12576 668 Exec Code 2018-08-24 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.
4524 CVE-2017-12574 798 2018-08-24 2018-11-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.
4525 CVE-2017-12573 Exec Code 2018-08-24 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
4526 CVE-2017-12561 824 Exec Code 2018-02-15 2018-03-05
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.
4527 CVE-2017-12558 502 Exec Code 2018-02-15 2018-03-05
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
4528 CVE-2017-12557 502 Exec Code 2018-02-15 2019-03-08
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
4529 CVE-2017-12556 502 Exec Code 2018-02-15 2018-03-05
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
4530 CVE-2017-12554 20 Exec Code 2018-02-15 2018-03-06
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found.
4531 CVE-2017-12542 Exec Code Bypass 2018-02-15 2018-07-23
10.0
None Remote Low Not required Complete Complete Complete
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
4532 CVE-2017-12541 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4533 CVE-2017-12540 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4534 CVE-2017-12539 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4535 CVE-2017-12538 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4536 CVE-2017-12537 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4537 CVE-2017-12536 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4538 CVE-2017-12535 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4539 CVE-2017-12534 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4540 CVE-2017-12533 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4541 CVE-2017-12532 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4542 CVE-2017-12531 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4543 CVE-2017-12530 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4544 CVE-2017-12529 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4545 CVE-2017-12528 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4546 CVE-2017-12527 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4547 CVE-2017-12526 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4548 CVE-2017-12525 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4549 CVE-2017-12524 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
4550 CVE-2017-12523 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.