Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16175 | 1 Ewgaddis.lab6 Project | 1 Ewgaddis.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16176 | 1 Jansenstuffpleasework Project | 1 Jansenstuffpleasework | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16177 | 1 Chatbyvista Project | 1 Chatbyvista | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16182 | 1 Serverxxx Project | 1 Serverxxx | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16183 | 1 Iter-server Project | 1 Iter-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16184 | 1 Scott-blanch-weather-app Project | 1 Scott-blanch-weather-app | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16185 | 1 Uekw1511server Project | 1 Uekw1511server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16190 | 1 Dcdcdcdcdc Project | 1 Dcdcdcdcdc | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-15103 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | |||||
| CVE-2017-16191 | 1 Cypserver Project | 1 Cypserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16192 | 1 Getcityapi.yoehoehne Project | 1 Getcityapi.yoehoehne | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16193 | 1 Mfrs Project | 1 Mfrs | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16199 | 1 Susu-sum Project | 1 Susu-sum | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16200 | 1 Uv-tj-demo Project | 1 Uv-tj-demo | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16201 | 1 Zjjserver Project | 1 Zjjserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16209 | 1 Enserver Project | 1 Enserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16210 | 1 Jn Jj Server Project | 1 Jn Jj Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16211 | 1 Lessindex Project | 1 Lessindex | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16216 | 1 Tencent-server Project | 1 Tencent-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16217 | 1 Webrtc-experiment | 1 Fbr-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16218 | 1 Dgard8.lab6 Project | 1 Dgard8.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16219 | 1 Yttivy Project | 1 Yttivy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16225 | 1 Aegir Project | 1 Aegir | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token. | |||||
| CVE-2017-15133 | 1 Miekg-dns Prject | 1 Miekg-dns | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections. | |||||
| CVE-2017-15132 | 3 Canonical, Debian, Dovecot | 3 Ubuntu Linux, Debian Linux, Dovecot | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. | |||||
| CVE-2017-15120 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service. | |||||
| CVE-2017-15119 | 4 Canonical, Debian, Qemu and 1 more | 4 Ubuntu Linux, Debian Linux, Qemu and 1 more | 2019-10-09 | 5.0 MEDIUM | 8.6 HIGH |
| The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. | |||||
| CVE-2017-15107 | 1 Thekelleys | 1 Dnsmasq | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. | |||||
| CVE-2017-15086 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
| CVE-2017-15091 | 1 Powerdns | 1 Authoritative | 2019-10-09 | 5.5 MEDIUM | 7.1 HIGH |
| An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. | |||||
| CVE-2017-16066 | 1 Opencv.js Project | 1 Opencv.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-13996 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | |||||
| CVE-2017-12719 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | |||||
| CVE-2017-12694 | 1 Spidercontrol | 1 Scada Web Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | |||||
| CVE-2017-13094 | 1 - | 1 - | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. | |||||
| CVE-2017-12704 | 1 Advantech | 1 Webaccess | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | |||||
| CVE-2017-12695 | 1 Gm | 1 Shanghai Onstar | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
| An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password. | |||||
| CVE-2017-14017 | 1 Progea | 1 Movicon | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file. | |||||
| CVE-2017-14001 | 1 Digium | 1 Asterisk Gui | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. | |||||
| CVE-2017-13998 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2019-10-09 | 6.0 MEDIUM | 7.5 HIGH |
| An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. | |||||
| CVE-2017-12702 | 1 Advantech | 1 Webaccess | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2017-12699 | 1 Azeotech | 1 Daqfactory | 2019-10-09 | 3.6 LOW | 7.1 HIGH |
| An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. | |||||
| CVE-2017-14095 | 1 Trendmicro | 1 Smart Protection Server | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | |||||
| CVE-2017-12730 | 1 Myscada | 1 Mypro | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. | |||||
| CVE-2017-13095 | 1 - | 1 - | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. | |||||
| CVE-2017-13093 | 1 - | 1 - | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. | |||||
| CVE-2017-13096 | 1 - | 1 - | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. | |||||
| CVE-2017-13097 | 1 - | 1 - | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. | |||||
| CVE-2017-13092 | 1 - | 1 - | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. | |||||