Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9626 | 1 Marel | 2 Pluto1203, Pluto2 | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication. | |||||
| CVE-2017-9283 | 1 Microfocus | 1 Visibroker | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | |||||
| CVE-2017-9282 | 1 Microfocus | 1 Visibroker | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | |||||
| CVE-2017-9278 | 1 Netiq | 1 Identity Manager | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | |||||
| CVE-2017-9270 | 1 Opensuse | 1 Cryptctl | 2019-10-09 | 8.5 HIGH | 9.1 CRITICAL |
| In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. | |||||
| CVE-2017-6869 | 1 Siemens | 1 Viewport For Web Office Portal | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. | |||||
| CVE-2017-6747 | 1 Cisco | 1 Identity Services Engine | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995. | |||||
| CVE-2017-7426 | 1 Netiq | 1 Identity Manager | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. | |||||
| CVE-2017-7434 | 1 Netiq | 1 Identity Manager | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles. | |||||
| CVE-2017-7464 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing. | |||||
| CVE-2017-7465 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability. | |||||
| CVE-2017-7467 | 1 Minicom Project | 1 Minicom | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. | |||||
| CVE-2017-7470 | 1 Redhat | 2 Satellite, Spacewalk | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | |||||
| CVE-2017-7540 | 1 Safemode Project | 1 Safemode | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. | |||||
| CVE-2017-7546 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | |||||
| CVE-2017-7909 | 1 Advantech B\+b Smartworx | 2 Mesr901, Mesr901 Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. | |||||
| CVE-2017-7902 | 1 Rockwellautomation | 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed. | |||||
| CVE-2017-7905 | 1 Ge | 20 Multilin Sr 369 Motor Protection Relay, Multilin Sr 369 Motor Protection Relay Firmware, Multilin Sr 469 Motor Protection Relay and 17 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. | |||||
| CVE-2017-7915 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication. | |||||
| CVE-2017-7420 | 1 Microfocus | 3 Enterprise Developer, Enterprise Server, Enterprise Server Monitor And Control | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). | |||||
| CVE-2017-7913 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext. | |||||
| CVE-2017-7912 | 1 Hanwhasecurity | 2 Srn-4000, Srn-4000 Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | |||||
| CVE-2017-7925 | 1 Dahuasecurity | 30 Ddh-hcvr4xxx, Dh-hcvr4xxx Firmware, Dh-hcvr5xxx and 27 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. | |||||
| CVE-2017-7928 | 1 Selinc | 4 Sel-3620, Sel-3620 Firmware, Sel-3622 and 1 more | 2019-10-09 | 7.5 HIGH | 10.0 CRITICAL |
| An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices. | |||||
| CVE-2017-7919 | 1 Newport | 4 Xps-cx, Xps-cx Firmware, Xps-qx and 1 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL). | |||||
| CVE-2017-7504 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. | |||||
| CVE-2017-6027 | 1 Codesys | 1 Web Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. | |||||
| CVE-2017-6022 | 1 Bd | 2 Kla Journal Service, Performa | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. | |||||
| CVE-2017-6709 | 1 Cisco | 1 Ultra Services Framework | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659. | |||||
| CVE-2017-6034 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. | |||||
| CVE-2017-6711 | 1 Cisco | 1 Ultra Services Framework | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system's high-availability feature. This vulnerability affects all releases of Cisco Ultra Services Framework UAS prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvd29395. | |||||
| CVE-2017-6025 | 1 Codesys | 1 Web Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code. | |||||
| CVE-2017-5249 | 1 Wink | 1 Wink | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2017-6714 | 1 Cisco | 1 Ultra Services Framework Staging Server | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673. | |||||
| CVE-2017-6713 | 1 Cisco | 1 Elastic Services Controller | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627. | |||||
| CVE-2017-5250 | 1 Insteon | 1 Insteon For Hub | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2017-6044 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot. | |||||
| CVE-2017-6041 | 1 Marel | 44 A320, A320 Firmware, A325 and 41 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection. | |||||
| CVE-2017-6047 | 1 3m | 1 Detcon Sitewatch Gateway | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication. | |||||
| CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | |||||
| CVE-2017-3223 | 1 Dahuasecurity | 2 Ip Camera, Ip Camera Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803. | |||||
| CVE-2017-3216 | 5 Greenpacket, Huawei, Mada and 2 more | 28 Ox350, Ox350 Firmware, Bm2022 and 25 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | |||||
| CVE-2017-3192 | 1 D-link | 4 Dir-130, Dir-130 Firmware, Dir-330 and 1 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | |||||
| CVE-2017-2640 | 3 Debian, Pidgin, Redhat | 7 Debian Linux, Pidgin, Enterprise Linux Desktop and 4 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. | |||||
| CVE-2017-3181 | 1 Tibco | 7 Spotfire Analyst, Spotfire Client, Spotfire Connectors and 4 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client | |||||
| CVE-2017-3184 | 1 Acti | 1 Camera Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). | |||||
| CVE-2017-3185 | 1 Acti | 1 Camera Firmware | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. | |||||
| CVE-2017-3191 | 1 D-link | 4 Dir-130, Dir-130 Firmware, Dir-330 and 1 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | |||||
| CVE-2017-3186 | 1 Acti | 1 Camera Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. | |||||
| CVE-2017-3207 | 1 Themidnightcoders | 1 Weborb For Java | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. | |||||