Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-13245 1 Google 1 Android 2019-10-03 4.6 MEDIUM 7.8 HIGH
An elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347.
CVE-2017-13254 1 Google 1 Android 2019-10-03 7.8 HIGH 7.5 HIGH
A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507.
CVE-2017-13263 1 Google 1 Android 2019-10-03 7.5 HIGH 7.3 HIGH
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.
CVE-2017-13265 1 Google 1 Android 2019-10-03 7.5 HIGH 7.3 HIGH
An elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.
CVE-2017-13270 1 Google 1 Android 2019-10-03 7.5 HIGH 7.3 HIGH
An elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.
CVE-2017-13271 1 Google 1 Android 2019-10-03 7.5 HIGH 7.3 HIGH
An elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.
CVE-2017-13273 1 Google 1 Android 2019-10-03 6.9 MEDIUM 7.0 HIGH
In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158.
CVE-2017-13306 1 Google 1 Android 2019-10-03 7.5 HIGH 7.3 HIGH
An elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.
CVE-2017-13307 1 Google 1 Android 2019-10-03 7.5 HIGH 7.3 HIGH
An elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.
CVE-2017-13674 1 Symantec 1 Proxyclient 2019-10-03 7.2 HIGH 7.8 HIGH
Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges.
CVE-2017-13681 1 Symantec 1 Endpoint Protection 2019-10-03 4.6 MEDIUM 7.8 HIGH
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.
CVE-2017-13698 1 Moxa 2 Eds-g512e, Eds-g512e Firmware 2019-10-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded.
CVE-2017-1371 1 Ibm 1 Tririga Application Platform 2019-10-03 6.5 MEDIUM 8.8 HIGH
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.
CVE-2017-1373 1 Ibm 1 Tririga Application Platform 2019-10-03 6.5 MEDIUM 8.8 HIGH
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.
CVE-2017-13827 1 Apple 1 Mac Os X 2019-10-03 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading.
CVE-2017-13837 1 Apple 1 Mac Os X 2019-10-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.
CVE-2017-13871 1 Apple 1 Mac Os X 2019-10-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.
CVE-2017-13874 1 Apple 1 Iphone Os 2019-10-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.
CVE-2017-13903 1 Apple 2 Iphone Os, Tvos 2019-10-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door.
CVE-2017-13989 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2019-10-03 5.5 MEDIUM 8.1 HIGH
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
CVE-2017-14083 1 Trendmicro 1 Officescan 2019-10-03 5.0 MEDIUM 7.5 HIGH
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
CVE-2017-14084 1 Trendmicro 1 Officescan 2019-10-03 6.8 MEDIUM 8.1 HIGH
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14176 2 Canonical, Debian 3 Bazaar, Ubuntu Linux, Debian Linux 2019-10-03 9.3 HIGH 8.8 HIGH
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
CVE-2017-14311 1 Netmechanica 1 Netdecision 2019-10-03 4.6 MEDIUM 7.8 HIGH
The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
CVE-2017-14319 1 Xen 1 Xen 2019-10-03 7.2 HIGH 8.8 HIGH
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
CVE-2017-14332 1 Extremenetworks 1 Extremexos 2019-10-03 6.8 MEDIUM 8.1 HIGH
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.
CVE-2017-14355 1 Microfocus 1 Connected Backup 2019-10-03 7.2 HIGH 7.8 HIGH
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
CVE-2017-14390 1 Pivotal Software 1 Cf-deployment 2019-10-03 5.0 MEDIUM 7.5 HIGH
In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.
CVE-2017-0648 1 Linux 1 Linux Kernel 2019-10-03 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220.
CVE-2017-14460 1 Parity 1 Ethereum Client 2019-10-03 5.1 MEDIUM 7.5 HIGH
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability.
CVE-2017-14482 2 Debian, Gnu 2 Debian Linux, Emacs 2019-10-03 6.8 MEDIUM 8.8 HIGH
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
CVE-2017-1451 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2019-10-03 7.2 HIGH 7.8 HIGH
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.
CVE-2017-1452 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2019-10-03 7.2 HIGH 7.8 HIGH
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
CVE-2017-0636 1 Google 1 Android 2019-10-03 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263.
CVE-2017-14593 1 Atlassian 1 Sourcetree 2019-10-03 9.0 HIGH 8.8 HIGH
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability.
CVE-2017-1467 1 Ibm 2 Infosphere Information Server, Softlayer 2019-10-03 6.8 MEDIUM 8.1 HIGH
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.
CVE-2017-1468 1 Ibm 2 Infosphere Information Server, Softlayer 2019-10-03 4.6 MEDIUM 7.8 HIGH
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128467.
CVE-2017-14763 1 Genixcms 1 Genixcms 2019-10-03 6.5 MEDIUM 8.8 HIGH
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
CVE-2017-14773 1 Skyboxsecurity 1 Skybox Manager Client Application 2019-10-03 4.6 MEDIUM 7.8 HIGH
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.
CVE-2017-14855 1 Redlion 2 Hmi Panel, Hmi Panel Firmware 2019-10-03 7.8 HIGH 8.6 HIGH
Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.
CVE-2017-1491 1 Ibm 1 Qradar Network Security 2019-10-03 5.0 MEDIUM 7.5 HIGH
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689.
CVE-2017-14979 1 Gxlcms 1 Gxlcms 2019-10-03 5.0 MEDIUM 7.5 HIGH
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.
CVE-2017-15044 1 Docuware 1 Fulltext Server 2019-10-03 6.5 MEDIUM 8.8 HIGH
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface.
CVE-2017-15190 1 Wireshark 1 Wireshark 2019-10-03 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.
CVE-2017-15192 1 Wireshark 1 Wireshark 2019-10-03 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
CVE-2017-15365 3 Fedoraproject, Mariadb, Percona 3 Fedora, Mariadb, Xtradb Cluster 2019-10-03 6.5 MEDIUM 8.8 HIGH
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
CVE-2017-0623 1 Linux 1 Linux Kernel 2019-10-03 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358.
CVE-2017-15387 2 Debian, Google 2 Debian Linux, Chrome 2019-10-03 6.8 MEDIUM 8.8 HIGH
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
CVE-2017-1539 1 Ibm 1 Business Process Manager 2019-10-03 6.5 MEDIUM 8.8 HIGH
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership, an attacker might gain privileged access. IBM X-Force ID: 130807.
CVE-2017-15594 1 Xen 1 Xen 2019-10-03 4.6 MEDIUM 8.8 HIGH
An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.