Total
33392 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1123 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability." | |||||
| CVE-2008-3431 | 1 Oracle | 1 Virtualbox | 2025-10-22 | 7.2 HIGH | 8.8 HIGH |
| The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address. | |||||
| CVE-2007-3010 | 1 Al-enterprise | 1 Omnipcx Enterprise Communication Server | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | |||||
| CVE-2007-0671 | 1 Microsoft | 14 Access, Excel, Excel Viewer and 11 more | 2025-10-22 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | |||||
| CVE-2006-1547 | 1 Apache | 2 Commons Beanutils, Struts | 2025-10-22 | 7.8 HIGH | 7.5 HIGH |
| ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | |||||
| CVE-2005-2773 | 1 Hp | 1 Openview Network Node Manager | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. | |||||
| CVE-2004-1464 | 1 Cisco | 1 Ios | 2025-10-22 | 5.0 MEDIUM | 5.9 MEDIUM |
| Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port. | |||||
| CVE-2002-0367 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. | |||||
| CVE-2017-8759 | 1 Microsoft | 11 .net Framework, Windows 10 1507, Windows 10 1511 and 8 more | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
| Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." | |||||
| CVE-2017-8570 | 1 Microsoft | 1 Office | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243. | |||||
| CVE-2017-8464 | 1 Microsoft | 9 Windows 10 1511, Windows 10 1607, Windows 10 1703 and 6 more | 2025-10-22 | 9.3 HIGH | 8.8 HIGH |
| Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability." | |||||
| CVE-2017-6663 | 1 Cisco | 2 Ios, Ios Xe | 2025-10-22 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition. More Information: CSCvd88936. Known Affected Releases: Denali-16.2.1 Denali-16.3.1. | |||||
| CVE-2017-6327 | 1 Symantec | 1 Message Gateway | 2025-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. | |||||
| CVE-2017-6316 | 1 Citrix | 1 Netscaler Sd-wan | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. | |||||
| CVE-2017-5689 | 3 Hpe, Intel, Siemens | 71 Proliant Ml10 Gen9 Server, Proliant Ml10 Gen9 Server Firmware, Active Management Technology Firmware and 68 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). | |||||
| CVE-2017-5521 | 1 Netgear | 26 Ac1450, Ac1450 Firmware, D6220 and 23 more | 2025-10-22 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. | |||||
| CVE-2017-3506 | 1 Oracle | 1 Weblogic Server | 2025-10-22 | 5.8 MEDIUM | 7.4 HIGH |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2017-17562 | 2 Embedthis, Oracle | 2 Goahead, Integrated Lights Out Manager | 2025-10-22 | 6.8 MEDIUM | 8.1 HIGH |
| Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. | |||||
| CVE-2017-15944 | 1 Paloaltonetworks | 1 Pan-os | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. | |||||
| CVE-2017-12238 | 1 Cisco | 20 C6800-16p10g, C6800-16p10g-xl, Catalyst 6000 and 17 more | 2025-10-22 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927. | |||||