Search
Total
2662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16237 | 1 Tgsoft | 1 Vir.it Explorer | 2017-11-22 | 4.6 MEDIUM | 7.8 HIGH |
| In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C. | |||||
| CVE-2017-9938 | 1 Siemens | 1 Simatic Logon | 2017-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically. | |||||
| CVE-2017-14919 | 1 Nodejs | 1 Node.js | 2017-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | |||||
| CVE-2017-16227 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2017-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | |||||
| CVE-2017-15956 | 1 Converto Video Downloader \& Converter Project | 1 Converto Video Downloader \& Converter | 2017-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. | |||||
| CVE-2017-9675 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2017-11-17 | 7.8 HIGH | 7.5 HIGH |
| On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. | |||||
| CVE-2017-15928 | 1 Ox Project | 1 Ox | 2017-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication. | |||||
| CVE-2017-14696 | 1 Saltstack | 1 Salt | 2017-11-15 | 5.0 MEDIUM | 7.5 HIGH |
| SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | |||||
| CVE-2017-15879 | 1 Keystonejs | 1 Keystone | 2017-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | |||||
| CVE-2017-15951 | 1 Linux | 1 Linux Kernel | 2017-11-13 | 7.2 HIGH | 7.8 HIGH |
| The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. | |||||
| CVE-2017-2132 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2017-11-08 | 6.4 MEDIUM | 7.5 HIGH |
| Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. | |||||
| CVE-2017-3759 | 1 Lenovo | 1 Service Framework | 2017-11-08 | 6.8 MEDIUM | 8.1 HIGH |
| The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
| CVE-2013-6049 | 2 Apt-listbugs Project, Debian | 2 Apt-listbugs, Debian Linux | 2017-11-08 | 4.6 MEDIUM | 7.8 HIGH |
| apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-7976 | 1 Artifex | 1 Ghostscript | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. | |||||
| CVE-2017-7692 | 1 Squirrelmail | 1 Squirrelmail | 2017-11-04 | 9.0 HIGH | 8.8 HIGH |
| SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting. | |||||
| CVE-2016-4332 | 1 Hdfgroup | 1 Hdf5 | 2017-11-04 | 6.9 MEDIUM | 8.6 HIGH |
| The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. | |||||
| CVE-2017-5721 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2017-11-03 | 4.4 MEDIUM | 7.5 HIGH |
| Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. | |||||
| CVE-2017-8025 | 1 Emc | 1 Archer Grc Platform | 2017-11-03 | 6.8 MEDIUM | 7.4 HIGH |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server. | |||||
| CVE-2017-15285 | 1 Qualiteam | 1 X-cart | 2017-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory. | |||||
| CVE-2017-15012 | 1 Opentext | 1 Documentum Content Server | 2017-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. | |||||
| CVE-2017-1541 | 1 Ibm | 1 Aix | 2017-11-02 | 7.5 HIGH | 7.3 HIGH |
| A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. | |||||
| CVE-2017-1210 | 1 Ibm | 1 Daeja Viewone | 2017-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. | |||||
| CVE-2017-9272 | 1 Microfocus | 2 Bi-directional Driver, Identity Manager | 2017-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | |||||
| CVE-2017-11781 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-10-20 | 7.8 HIGH | 7.5 HIGH |
| The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". | |||||
| CVE-2016-0834 | 1 Google | 1 Android | 2017-10-19 | 10.0 HIGH | 8.4 HIGH |
| An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548. | |||||
| CVE-2017-8018 | 2 Emc, Microsoft | 2 Appsync, Windows | 2017-10-17 | 5.0 MEDIUM | 7.5 HIGH |
| EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-14944 | 1 Inedo | 1 Proget | 2017-10-11 | 5.0 MEDIUM | 7.5 HIGH |
| Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | |||||
| CVE-2017-14935 | 1 Pulsesecure | 1 Pulse One On-premise | 2017-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | |||||
| CVE-2017-14320 | 1 Mirasvit | 1 Helpdesk Mx | 2017-10-04 | 6.0 MEDIUM | 8.0 HIGH |
| Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files. | |||||
| CVE-2017-6272 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-10-03 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. | |||||
| CVE-2015-7318 | 1 Plone | 1 Plone | 2017-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. | |||||
| CVE-2015-5179 | 1 Freeipa | 1 Freeipa | 2017-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| FreeIPA might display user data improperly via vectors involving non-printable characters. | |||||
| CVE-2017-6269 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-29 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-14511 | 1 Sap | 1 E-recruiting | 2017-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798. | |||||
| CVE-2017-6277 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-28 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-6268 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-28 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-14335 | 1 Hbgk | 138 7204xr, 7204xr Firmware, 7208xr and 135 more | 2017-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | |||||
| CVE-2017-14617 | 1 Freedesktop | 1 Poppler | 2017-09-27 | 6.8 MEDIUM | 7.8 HIGH |
| In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. | |||||
| CVE-2017-8699 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-09-21 | 7.6 HIGH | 7.0 HIGH |
| Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability". | |||||
| CVE-2017-8714 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2017-09-19 | 6.9 MEDIUM | 7.8 HIGH |
| The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability". | |||||
| CVE-2017-8396 | 1 Gnu | 1 Binutils | 2017-09-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | |||||
| CVE-2015-6567 | 1 Wolfcms | 1 Wolf Cms | 2017-09-17 | 6.5 MEDIUM | 8.8 HIGH |
| Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality. | |||||
| CVE-2015-6568 | 1 Wolfcms | 1 Wolf Cms | 2017-09-17 | 6.5 MEDIUM | 8.8 HIGH |
| Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality. | |||||
| CVE-2017-14098 | 1 Digium | 1 Asterisk | 2017-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | |||||
| CVE-2017-14105 | 1 Aerohive | 1 Hivemanager Classic | 2017-09-13 | 7.2 HIGH | 7.8 HIGH |
| HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface). | |||||
| CVE-2015-0234 | 1 Pki-core Project | 1 Pki-core | 2017-09-12 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple temporary file creation vulnerabilities in pki-core 10.2.0. | |||||
| CVE-2016-4462 | 1 Apache | 1 Ofbiz | 2017-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01 | |||||
| CVE-2017-13709 | 1 Flightgear | 1 Flightgear | 2017-09-06 | 6.4 MEDIUM | 7.5 HIGH |
| In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | |||||
| CVE-2015-1443 | 1 Fli4l | 1 Fli4l | 2017-09-06 | 9.0 HIGH | 8.8 HIGH |
| The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. | |||||
| CVE-2015-1554 | 1 Kgb-bot Project | 1 Kgb-bot | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). | |||||