|
198251
|
9.8 |
CRITICAL
Network
|
qnap
|
music_station
|
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow …
|
CWE-77
Command Injection
|
CVE-2017-13069
|
2024-11-21 12:10 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198252
|
7.5 |
HIGH
Network
|
qnap
|
qts_helpdesk
|
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attack…
|
CWE-89
SQL Injection
|
CVE-2017-13068
|
2024-11-21 12:10 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198253
|
7.8 |
HIGH
Local
|
myscada
|
mypro
|
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-12730
|
2024-11-21 12:10 |
2017-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198254
|
6.8 |
MEDIUM
Adjacent
|
ge
|
intelligent_platforms_proficy_hmi\/scada_cimplicity
|
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allow…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12732
|
2024-11-21 12:10 |
2017-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198255
|
7.8 |
HIGH
Local
|
spidercontrol
|
scada_webserver
|
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executable…
|
CWE-269
Improper Privilege Management
|
CVE-2017-12728
|
2024-11-21 12:10 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198256
|
9.9 |
CRITICAL
Network
|
sentinel
|
sentinel_ldk_rte_firmware
|
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-12822
|
2024-11-21 12:10 |
2017-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198257
|
9.8 |
CRITICAL
Network
|
sentinel
|
sentinel_ldk_rte_firmware
|
Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12821
|
2024-11-21 12:10 |
2017-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198258
|
7.5 |
HIGH
Network
|
sentinel
|
sentinel_ldk_rte_firmware
|
Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12820
|
2024-11-21 12:10 |
2017-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198259
|
9.8 |
CRITICAL
Network
|
sentinel
|
sentinel_ldk_rte_firmware
|
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
|
CWE-287
Improper Authentication
|
CVE-2017-12819
|
2024-11-21 12:10 |
2017-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198260
|
7.5 |
HIGH
Network
|
sentinel
|
sentinel_ldk_rte_firmware
|
Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12818
|
2024-11-21 12:10 |
2017-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
