U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 240,799 matching records.
Displaying matches 145,781 through 145,800.
Vuln ID Summary CVSS Severity
CVE-2017-15622

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15621

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15620

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15619

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15618

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15617

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15616

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15615

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15614

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15613

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2014-5070

Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2014-5068

Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2014-0087

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2012-6667

Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-4950

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.

Published: January 11, 2018; 9:29:00 AM -0500
V4.0:(not available)
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-4949

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.

Published: January 11, 2018; 9:29:00 AM -0500
V4.0:(not available)
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2018-0118

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.

Published: January 11, 2018; 4:29:00 AM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-5333

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

Published: January 11, 2018; 2:29:00 AM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2018-5332

In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

Published: January 11, 2018; 2:29:00 AM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-0014

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.

Published: January 10, 2018; 5:29:01 PM -0500
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 3.3 LOW