Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12860 1 Epson 1 Easymp 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded "backdoor" code (2270), which authenticates to all devices.
CVE-2017-12861 1 Epson 1 Easymp 2019-10-03 7.5 HIGH 9.8 CRITICAL
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device
CVE-2017-15896 1 Nodejs 1 Node.js 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
CVE-2017-12873 2 Debian, Simplesamlphp 2 Debian Linux, Simplesamlphp 2019-10-03 7.5 HIGH 9.8 CRITICAL
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
CVE-2017-12893 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
CVE-2017-12894 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
CVE-2017-12895 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
CVE-2017-12897 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
CVE-2017-12898 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
CVE-2017-12900 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().
CVE-2017-12901 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
CVE-2017-13006 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
CVE-2017-15718 1 Apache 1 Hadoop 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
CVE-2017-13007 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().
CVE-2017-13008 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
CVE-2017-13009 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().
CVE-2017-15524 1 Kemptechnologies 1 Web Application Firewall 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.
CVE-2017-12988 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
CVE-2017-15379 1 Softwarepublico 1 E-sic 2019-10-03 7.5 HIGH 9.8 CRITICAL
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
CVE-2017-13012 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
CVE-2017-13040 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
CVE-2017-13041 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
CVE-2017-13042 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().
CVE-2017-13043 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().
CVE-2017-13044 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().
CVE-2017-13045 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().
CVE-2017-13046 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
CVE-2017-13047 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
CVE-2017-13048 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
CVE-2017-13049 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
CVE-2017-13050 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().
CVE-2017-13051 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
CVE-2017-13052 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().
CVE-2017-13053 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
CVE-2017-13054 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().
CVE-2017-13055 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().
CVE-2017-13067 1 Qnap 1 Qts 2019-10-03 7.5 HIGH 9.8 CRITICAL
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.
CVE-2017-15295 1 Sap 1 Point Of Sale Xpress Server 2019-10-03 10.0 HIGH 9.8 CRITICAL
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
CVE-2017-15032 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2019-10-03 7.5 HIGH 9.8 CRITICAL
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2017-14910 1 Qualcomm 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file.
CVE-2017-14803 1 Netiq 1 Access Manager 2019-10-03 10.0 HIGH 9.8 CRITICAL
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
CVE-2017-14590 1 Atlassian 1 Bamboo 2019-10-03 9.0 HIGH 9.1 CRITICAL
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.
CVE-2017-14480 1 Mysql-mmm 1 Mysql Multi-master Replication Manager 2019-10-03 10.0 HIGH 9.8 CRITICAL
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
CVE-2017-14479 1 Mysql-mmm 1 Mysql Multi-master Replication Manager 2019-10-03 10.0 HIGH 9.8 CRITICAL
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
CVE-2017-14478 1 Mysql-mmm 1 Mysql Multi-master Replication Manager 2019-10-03 10.0 HIGH 9.8 CRITICAL
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
CVE-2017-14477 1 Mysql-mmm 1 Mysql Multi-master Replication Manager 2019-10-03 10.0 HIGH 9.8 CRITICAL
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
CVE-2017-14476 1 Mysql-mmm 1 Mysql Multi-master Replication Manager 2019-10-03 10.0 HIGH 9.8 CRITICAL
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
CVE-2017-14475 1 Mysql-mmm 1 Mysql Multi-master Replication Manager 2019-10-03 10.0 HIGH 9.8 CRITICAL
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
CVE-2017-14474 1 Mysql-mmm 1 Mysql Multi-master Replication Manager 2019-10-03 10.0 HIGH 9.8 CRITICAL
In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
CVE-2017-14473 1 Rockwellautomation 2 Micrologix 1400, Micrologix 1400 B Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and print it out in HEX.