Critical · CVSS 9.8
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution.
Published Feb 13, 2017 · Updated Jun 2, 2026
High · CVSS 7.5
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion.
Published Feb 13, 2017 · Updated Jun 2, 2026
Critical · CVSS 9.8
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.
Published Feb 13, 2017 · Updated Jun 2, 2026
High · CVSS 8.8
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY).
Published Feb 13, 2017 · Updated Jun 2, 2026
High · CVSS 7.3
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code.
Published Feb 13, 2017 · Updated Jun 2, 2026
Critical · CVSS 9.8
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.
Published Feb 13, 2017 · Updated Jun 2, 2026
Medium · CVSS 5.9
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Published Feb 13, 2017 · Updated May 29, 2026
High · CVSS 7.8 · CISA KEV
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
Published Feb 10, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.
Published Feb 10, 2016 · Updated Oct 21, 2025
High · CVSS 7.5 · CISA KEV
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Published Feb 16, 2016 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
Published Feb 16, 2016 · Updated Oct 21, 2025
Medium · CVSS 5.3 · CISA KEV
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
Published Feb 16, 2016 · Updated Oct 21, 2025
Medium · CVSS 4.6
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Published Feb 7, 2017 · Updated Jun 9, 2025
Unknown · CVSS Not scored
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
Published Feb 1, 2017 · Updated Oct 25, 2024
Unknown · CVSS Not scored
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
Published Feb 8, 2017 · Updated Oct 25, 2024
Unknown · CVSS Not scored
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.
Published Feb 9, 2017 · Updated Oct 25, 2024
Unknown · CVSS Not scored
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
Published Feb 13, 2017 · Updated Oct 25, 2024
Unknown · CVSS Not scored
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
Published Feb 7, 2017 · Updated Oct 21, 2024
Unknown · CVSS Not scored
A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.
Published Feb 4, 2019 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
Published Feb 19, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
Published Feb 6, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Published Feb 12, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
duck before 0.10 did not properly handle loading of untrusted code from the current directory.
Published Feb 19, 2022 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
Published Feb 1, 2016 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions.
Published Feb 17, 2016 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
Published Feb 5, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).
Published Feb 19, 2020 · Updated Aug 6, 2024