Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-0807 1 Google 1 Android 2019-10-03 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.
CVE-2017-0828 1 Google 1 Android 2019-10-03 7.5 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.
CVE-2017-0829 1 Google 1 Android 2019-10-03 7.5 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.
CVE-2017-8122 1 Huawei 1 Uma 2019-10-03 7.5 HIGH 9.8 CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
CVE-2017-8123 1 Huawei 1 Uma 2019-10-03 7.5 HIGH 9.8 CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
CVE-2017-8124 1 Huawei 1 Uma 2019-10-03 7.5 HIGH 9.8 CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
CVE-2018-4110 1 Apple 1 Iphone Os 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence.
CVE-2018-4115 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.
CVE-2017-8274 1 Qualcomm 24 Mdm9206, Mdm9206 Firmware, Mdm9607 and 21 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, an access control vulnerability exists in Core.
CVE-2018-4310 1 Apple 2 Iphone Os, Mac Os X 2019-10-03 7.5 HIGH 10.0 CRITICAL
An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
CVE-2018-3679 1 Intel 1 Data Center Manager 2019-10-03 8.3 HIGH 9.6 CRITICAL
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.
CVE-2017-7279 1 Unitrends 1 Enterprise Backup 2019-10-03 10.0 HIGH 9.8 CRITICAL
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.
CVE-2017-1000212 1 Alchemist-elixir 1 Alchemist-server 2019-10-03 7.5 HIGH 9.8 CRITICAL
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.
CVE-2017-6950 1 Sap 1 Gui For Windows 2019-10-03 7.5 HIGH 9.8 CRITICAL
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616.
CVE-2017-6885 1 Flexerasoftware 1 Flexnet Manager Suite 2019-10-03 7.5 HIGH 9.8 CRITICAL
An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges.
CVE-2017-8589 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
CVE-2017-1000245 1 Jenkins 1 Ssh 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
CVE-2018-5328 1 Beims 1 Contractorweb.net 2019-10-03 7.5 HIGH 9.8 CRITICAL
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details.
CVE-2017-6925 1 Drupal 1 Drupal 2019-10-03 7.5 HIGH 9.8 CRITICAL
In versions of Drupal 8 core prior to 8.3.7, there is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
CVE-2018-3641 1 Intel 2 Remote Keyboard, Remote Keyboard Mobile App 2019-10-03 7.5 HIGH 9.8 CRITICAL
Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.
CVE-2018-3294 1 Oracle 1 Vm Virtualbox 2019-10-03 6.0 MEDIUM 9.0 CRITICAL
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).
CVE-2017-6622 1 Cisco 1 Prime Collaboration Provisioning 2019-10-03 10.0 HIGH 9.8 CRITICAL
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.
CVE-2017-6526 1 Dnatools 1 Dnalims 2019-10-03 10.0 HIGH 9.8 CRITICAL
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
CVE-2018-5339 1 Zohocorp 1 Manageengine Desktop Central 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
CVE-2018-5377 1 Discuz 1 Discuzx 2019-10-03 7.5 HIGH 9.8 CRITICAL
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
CVE-2017-6517 1 Microsoft 1 Skype 2019-10-03 10.0 HIGH 9.8 CRITICAL
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.
CVE-2017-8931 1 Bitdefender 1 Gravityzone 2019-10-03 10.0 HIGH 9.8 CRITICAL
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
CVE-2017-10137 1 Oracle 1 Weblogic Server 2019-10-03 7.5 HIGH 10.0 CRITICAL
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVE-2017-10151 1 Oracle 1 Identity Manager 2019-10-03 7.5 HIGH 10.0 CRITICAL
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVE-2017-10282 1 Oracle 1 Database Server 2019-10-03 6.5 MEDIUM 9.1 CRITICAL
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2017-8979 1 Hp 2 Integrated Lights-out, Integrated Lights-out 2 Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.
CVE-2017-10352 1 Oracle 1 Weblogic Server 2019-10-03 7.5 HIGH 9.9 CRITICAL
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).
CVE-2017-10366 1 Oracle 1 Peoplesoft Enterprise Peopletools 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2017-10396 1 Oracle 1 Hospitality Cruise Affairwhere 2019-10-03 6.5 MEDIUM 9.9 CRITICAL
Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise AffairWhere executes to compromise Oracle Hospitality Cruise AffairWhere. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise AffairWhere, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise AffairWhere. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).
CVE-2017-6326 1 Symantec 1 Messaging Gateway 2019-10-03 10.0 HIGH 10.0 CRITICAL
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
CVE-2017-8988 1 Hp 1 Xp Command View 2019-10-03 7.5 HIGH 9.8 CRITICAL
A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software earlier than 8.5.3-00. The vulnerability impacts DevMgr earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX).
CVE-2018-3201 1 Oracle 1 Weblogic Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2017-6205 1 Dlink 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.
CVE-2017-10833 1 Nippon-antenna 2 Scr02hd, Scr02hd Firmware 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors.
CVE-2017-6080 1 Zammad 1 Zammad 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.
CVE-2017-9117 2 Canonical, Libtiff 2 Ubuntu Linux, Libtiff 2019-10-03 7.5 HIGH 9.8 CRITICAL
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
CVE-2017-10989 1 Sqlite 1 Sqlite 2019-10-03 7.5 HIGH 9.8 CRITICAL
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
CVE-2017-9152 1 Autotrace Project 1 Autotrace 2019-10-03 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.
CVE-2018-5777 1 Ipswitch 1 Whatsup Gold 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors.
CVE-2017-9164 1 Autotrace Project 1 Autotrace 2019-10-03 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.
CVE-2017-5959 1 Metalgenix 1 Genixcms 2019-10-03 7.5 HIGH 9.8 CRITICAL
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.
CVE-2017-11010 1 Google 1 Android 2019-10-03 10.0 HIGH 9.8 CRITICAL
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.
CVE-2018-5855 1 Google 1 Android 2019-10-03 10.0 HIGH 9.8 CRITICAL
While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.
CVE-2018-13996 1 Codeplea 1 Genann 2019-10-03 7.5 HIGH 9.8 CRITICAL
Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c.
CVE-2018-6017 1 Tinder 1 Tinder 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.