Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0983 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0982 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2017-3876 | 1 Cisco | 1 Ios Xr | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover. This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. The gRPC service is not enabled by default. Cisco Bug IDs: CSCvb14441. | |||||
| CVE-2017-3891 | 1 Blackberry | 1 Qnx Software Development Platform | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node. | |||||
| CVE-2017-4952 | 1 Vmware | 1 Xenon | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure. | |||||
| CVE-2018-0977 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects are handled in memory, aka "Win32k Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0963 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2017-4057 | 1 Mcafee | 1 Advanced Threat Defense | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. | |||||
| CVE-2017-5198 | 1 Solarwinds | 1 Log And Event Manager | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | |||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |||||
| CVE-2017-5200 | 1 Saltstack | 1 Salt | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | |||||
| CVE-2018-0952 | 1 Microsoft | 4 Visual Studio 2015, Visual Studio 2017, Windows 10 and 1 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. | |||||
| CVE-2018-0947 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944. | |||||
| CVE-2018-0944 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947. | |||||
| CVE-2017-16001 | 1 Hashicorp | 1 Vagrant | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | |||||
| CVE-2017-15998 | 1 Nq | 1 Contacts Backup \& Restore | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. | |||||
| CVE-2017-15997 | 1 Nq | 1 Contacts Backup \& Restore | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file. | |||||
| CVE-2017-5419 | 1 Mozilla | 2 Firefox, Thunderbird | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2018-15478 | 1 Mystrom | 12 Wifi Bulb, Wifi Bulb Firmware, Wifi Button and 9 more | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker. | |||||
| CVE-2018-15480 | 1 Mystrom | 12 Wifi Bulb, Wifi Bulb Firmware, Wifi Button and 9 more | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands. | |||||
| CVE-2018-0923 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2017-1598 | 1 Ibm | 1 Security Guardium | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. | |||||
| CVE-2018-0921 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2017-5520 | 1 Metalgenix | 1 Genixcms | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | |||||
| CVE-2017-1779 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. | |||||
| CVE-2018-0917 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2017-5635 | 1 Apache | 1 Nifi | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user. | |||||
| CVE-2018-15481 | 1 Ucopia | 2 Wireless Appliance, Wireless Appliance Firmware | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. | |||||
| CVE-2017-5671 | 1 Honeywell | 14 Intermec Pc23, Intermec Pc23 Firmware, Intermec Pc42 and 11 more | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. | |||||
| CVE-2018-0916 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0915 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0914 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2017-5722 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2019-10-03 | 4.4 MEDIUM | 7.5 HIGH |
| Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. | |||||
| CVE-2018-0913 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2017-5729 | 1 Intel | 16 Active Management Technology, Dual Band Wireless-ac 3160, Dual Band Wireless-ac 3165 and 13 more | 2019-10-03 | 5.8 MEDIUM | 7.4 HIGH |
| Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle. | |||||
| CVE-2018-15515 | 1 Dlink | 1 Central Wifimanager | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. | |||||
| CVE-2018-0912 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0911 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2017-5829 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | |||||
| CVE-2017-5835 | 1 Libimobiledevice | 1 Libplist | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. | |||||
| CVE-2018-0910 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0909 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2017-5839 | 1 Gstreamer Project | 1 Gstreamer | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. | |||||
| CVE-2017-15924 | 2 Debian, Shadowsocks | 2 Debian Linux, Shadowsocks-libev | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | |||||
| CVE-2017-15923 | 2 Debian, Konversation | 2 Debian Linux, Konversation | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | |||||
| CVE-2018-15685 | 1 Electronjs | 1 Electron | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. | |||||
| CVE-2018-0907 | 1 Microsoft | 2 Excel, Office | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass". | |||||
| CVE-2017-15918 | 1 Ignitum | 1 Sera | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks. | |||||
| CVE-2017-15914 | 1 Borgbackup | 1 Borg | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3. | |||||
| CVE-2017-5936 | 2 Canonical, Openstack | 2 Ubuntu Linux, Nova-lxd | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. | |||||