Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7218 | 1 Paloaltonetworks | 1 Pan-os | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. | |||||
| CVE-2017-11779 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability". | |||||
| CVE-2017-7220 | 1 Opentext | 1 Documentum Content Server | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532. | |||||
| CVE-2017-7536 | 1 Redhat | 1 Hibernate Validator | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). | |||||
| CVE-2017-11684 | 1 Libav | 1 Libav | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. | |||||
| CVE-2017-11681 | 1 Project Hashtopussy | 1 Hashtopussy | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. | |||||
| CVE-2017-7547 | 1 Postgresql | 1 Postgresql | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. | |||||
| CVE-2017-7548 | 1 Postgresql | 1 Postgresql | 2019-10-03 | 4.0 MEDIUM | 7.5 HIGH |
| PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. | |||||
| CVE-2017-11667 | 1 Openproject | 1 Openproject | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | |||||
| CVE-2017-7561 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. | |||||
| CVE-2017-7563 | 1 Arm | 1 Arm Trusted Firmware | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). | |||||
| CVE-2017-2825 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2019-10-03 | 6.8 MEDIUM | 7.0 HIGH |
| In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. | |||||
| CVE-2017-2824 | 1 Zabbix | 1 Zabbix | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability. | |||||
| CVE-2017-7605 | 1 Libaacplus Project | 1 Libaacplus | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2017-12154 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 3.6 LOW | 7.1 HIGH |
| The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | |||||
| CVE-2017-2689 | 1 Siemens | 1 Ruggedcom Rox I | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | |||||
| CVE-2017-7228 | 1 Xen | 1 Xen | 2019-10-03 | 7.2 HIGH | 8.2 HIGH |
| An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. | |||||
| CVE-2017-7235 | 1 Cloudflare-scrape Project | 1 Cloudflare-scrape | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. | |||||
| CVE-2017-7253 | 1 Dahuasecurity | 2 Ip Camera, Ip Camera Firmware | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login. | |||||
| CVE-2017-7293 | 1 Dolby | 2 Dolby Audio X2, Dolby Audio X3 | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1, 1.4.2, 1.4.3, and 1.4.4 and Dolby Audio X3 (DAX3) 1.0 and 1.1. An example affected driver is Realtek Audio Driver 6.0.1.7898 on a Lenovo P50. | |||||
| CVE-2017-1205 | 1 Ibm | 1 Spectrum Lsf | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. | |||||
| CVE-2017-2699 | 1 Huawei | 6 Honor 7, Honor 7 Firmware, Lyo-l21 and 3 more | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code. | |||||
| CVE-2017-2700 | 1 Huawei | 4 Ac6005, Ac6005 Firmware, Ac6605 and 1 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks. | |||||
| CVE-2017-1201 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676. | |||||
| CVE-2017-7341 | 1 Fortinet | 1 Fortiwlc | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. | |||||
| CVE-2017-2707 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2019-10-03 | 5.8 MEDIUM | 7.1 HIGH |
| Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. | |||||
| CVE-2017-7344 | 1 Fortinet | 1 Forticlient | 2019-10-03 | 7.6 HIGH | 8.1 HIGH |
| A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. | |||||
| CVE-2017-7365 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. | |||||
| CVE-2017-5520 | 1 Metalgenix | 1 Genixcms | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | |||||
| CVE-2017-5546 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. | |||||
| CVE-2017-5547 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-5481 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. | |||||
| CVE-2017-5455 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. | |||||
| CVE-2017-5419 | 1 Mozilla | 2 Firefox, Thunderbird | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2017-14993 | 1 Oxid-esales | 1 Eshop | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option. | |||||
| CVE-2017-5388 | 1 Mozilla | 1 Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. | |||||
| CVE-2017-15013 | 1 Opentext | 1 Documentum Content Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. | |||||
| CVE-2017-5548 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-5386 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. | |||||
| CVE-2017-5554 | 1 Oneplus | 3 Oneplus 3, Oneplus 3t, Oxygenos | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive. | |||||
| CVE-2017-5381 | 1 Mozilla | 1 Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51. | |||||
| CVE-2017-15020 | 1 Gnu | 1 Binutils | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. | |||||
| CVE-2017-17091 | 1 Wordpress | 1 Wordpress | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. | |||||
| CVE-2017-15189 | 1 Wireshark | 1 Wireshark | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. | |||||
| CVE-2017-5350 | 1 Samsung | 1 Samsung Mobile | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122. | |||||
| CVE-2017-14929 | 1 Freedesktop | 1 Poppler | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | |||||
| CVE-2017-14904 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer. | |||||
| CVE-2017-5563 | 1 Libtiff | 1 Libtiff | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. | |||||
| CVE-2017-5596 | 1 Wireshark | 1 Wireshark | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. | |||||
| CVE-2017-5635 | 1 Apache | 1 Nifi | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user. | |||||