Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16175 1 Ewgaddis.lab6 Project 1 Ewgaddis.lab6 2019-10-09 5.0 MEDIUM 7.5 HIGH
ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16176 1 Jansenstuffpleasework Project 1 Jansenstuffpleasework 2019-10-09 5.0 MEDIUM 7.5 HIGH
jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16177 1 Chatbyvista Project 1 Chatbyvista 2019-10-09 5.0 MEDIUM 7.5 HIGH
chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16182 1 Serverxxx Project 1 Serverxxx 2019-10-09 5.0 MEDIUM 7.5 HIGH
serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16183 1 Iter-server Project 1 Iter-server 2019-10-09 5.0 MEDIUM 7.5 HIGH
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16184 1 Scott-blanch-weather-app Project 1 Scott-blanch-weather-app 2019-10-09 5.0 MEDIUM 7.5 HIGH
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16185 1 Uekw1511server Project 1 Uekw1511server 2019-10-09 5.0 MEDIUM 7.5 HIGH
uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16190 1 Dcdcdcdcdc Project 1 Dcdcdcdcdc 2019-10-09 5.0 MEDIUM 7.5 HIGH
dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-15103 2 Heketi Project, Redhat 2 Heketi, Enterprise Linux 2019-10-09 9.0 HIGH 8.8 HIGH
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
CVE-2017-16191 1 Cypserver Project 1 Cypserver 2019-10-09 5.0 MEDIUM 7.5 HIGH
cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16192 1 Getcityapi.yoehoehne Project 1 Getcityapi.yoehoehne 2019-10-09 5.0 MEDIUM 7.5 HIGH
getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16193 1 Mfrs Project 1 Mfrs 2019-10-09 5.0 MEDIUM 7.5 HIGH
mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16199 1 Susu-sum Project 1 Susu-sum 2019-10-09 5.0 MEDIUM 7.5 HIGH
susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16200 1 Uv-tj-demo Project 1 Uv-tj-demo 2019-10-09 5.0 MEDIUM 7.5 HIGH
uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16201 1 Zjjserver Project 1 Zjjserver 2019-10-09 5.0 MEDIUM 7.5 HIGH
zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16202 1 Cofeescript Project 1 Cofeescript 2019-10-09 5.0 MEDIUM 7.5 HIGH
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
CVE-2017-16209 1 Enserver Project 1 Enserver 2019-10-09 5.0 MEDIUM 7.5 HIGH
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16210 1 Jn Jj Server Project 1 Jn Jj Server 2019-10-09 5.0 MEDIUM 7.5 HIGH
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16211 1 Lessindex Project 1 Lessindex 2019-10-09 5.0 MEDIUM 7.5 HIGH
lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16216 1 Tencent-server Project 1 Tencent-server 2019-10-09 5.0 MEDIUM 7.5 HIGH
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16217 1 Webrtc-experiment 1 Fbr-client 2019-10-09 5.0 MEDIUM 7.5 HIGH
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16218 1 Dgard8.lab6 Project 1 Dgard8.lab6 2019-10-09 5.0 MEDIUM 7.5 HIGH
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16219 1 Yttivy Project 1 Yttivy 2019-10-09 5.0 MEDIUM 7.5 HIGH
yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2017-16225 1 Aegir Project 1 Aegir 2019-10-09 5.0 MEDIUM 7.5 HIGH
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token.
CVE-2017-15133 1 Miekg-dns Prject 1 Miekg-dns 2019-10-09 5.0 MEDIUM 7.5 HIGH
A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.
CVE-2017-15132 3 Canonical, Debian, Dovecot 3 Ubuntu Linux, Debian Linux, Dovecot 2019-10-09 5.0 MEDIUM 7.5 HIGH
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
CVE-2017-15120 2 Debian, Powerdns 2 Debian Linux, Recursor 2019-10-09 5.0 MEDIUM 7.5 HIGH
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.
CVE-2017-15119 4 Canonical, Debian, Qemu and 1 more 4 Ubuntu Linux, Debian Linux, Qemu and 1 more 2019-10-09 5.0 MEDIUM 8.6 HIGH
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.
CVE-2017-15107 1 Thekelleys 1 Dnsmasq 2019-10-09 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.
CVE-2017-15086 1 Redhat 2 Enterprise Linux, Gluster Storage 2019-10-09 5.8 MEDIUM 7.4 HIGH
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2017-15091 1 Powerdns 1 Authoritative 2019-10-09 5.5 MEDIUM 7.1 HIGH
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
CVE-2017-16066 1 Opencv.js Project 1 Opencv.js 2019-10-09 5.0 MEDIUM 7.5 HIGH
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVE-2017-13996 1 Loytec 2 Lvis-3me, Lvis-3me Firmware 2019-10-09 6.5 MEDIUM 8.8 HIGH
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.
CVE-2017-12719 1 Advantech 1 Webaccess 2019-10-09 5.0 MEDIUM 7.5 HIGH
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
CVE-2017-12694 1 Spidercontrol 1 Scada Web Server 2019-10-09 5.0 MEDIUM 7.5 HIGH
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.
CVE-2017-13094 1 - 1 - 2019-10-09 4.6 MEDIUM 7.8 HIGH
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
CVE-2017-12704 1 Advantech 1 Webaccess 2019-10-09 6.8 MEDIUM 8.8 HIGH
A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
CVE-2017-12695 1 Gm 1 Shanghai Onstar 2019-10-09 4.0 MEDIUM 8.8 HIGH
An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password.
CVE-2017-14017 1 Progea 1 Movicon 2019-10-09 4.6 MEDIUM 7.8 HIGH
An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file.
CVE-2017-14001 1 Digium 1 Asterisk Gui 2019-10-09 9.0 HIGH 8.8 HIGH
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.
CVE-2017-13998 1 Loytec 2 Lvis-3me, Lvis-3me Firmware 2019-10-09 6.0 MEDIUM 7.5 HIGH
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.
CVE-2017-12702 1 Advantech 1 Webaccess 2019-10-09 6.8 MEDIUM 8.8 HIGH
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.
CVE-2017-12699 1 Azeotech 1 Daqfactory 2019-10-09 3.6 LOW 7.1 HIGH
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.
CVE-2017-14095 1 Trendmicro 1 Smart Protection Server 2019-10-09 6.8 MEDIUM 8.1 HIGH
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
CVE-2017-12730 1 Myscada 1 Mypro 2019-10-09 7.2 HIGH 7.8 HIGH
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
CVE-2017-13095 1 - 1 - 2019-10-09 4.6 MEDIUM 7.8 HIGH
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
CVE-2017-13093 1 - 1 - 2019-10-09 4.6 MEDIUM 7.8 HIGH
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
CVE-2017-13096 1 - 1 - 2019-10-09 4.6 MEDIUM 7.8 HIGH
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
CVE-2017-13097 1 - 1 - 2019-10-09 4.6 MEDIUM 7.8 HIGH
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
CVE-2017-13092 1 - 1 - 2019-10-09 4.6 MEDIUM 7.8 HIGH
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.