Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16957 | 1 Tp-link | 108 Tl-er3210g, Tl-er3210g Firmware, Tl-er3220g and 105 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd. | |||||
| CVE-2017-16958 | 1 Tp-link | 108 Tl-er3210g, Tl-er3210g Firmware, Tl-er3220g and 105 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. | |||||
| CVE-2017-16960 | 1 Tp-link | 93 Tl-er3210g, Tl-er3210g Firmware, Tl-er3220g and 90 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. | |||||
| CVE-2017-17051 | 1 Openstack | 1 Nova | 2019-10-03 | 4.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected. | |||||
| CVE-2017-17020 | 1 D-link | 6 Dcs-5009, Dcs-5009 Firmware, Dcs-5010 and 3 more | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. | |||||
| CVE-2017-17023 | 2 Ncp-e, Sophos | 2 Ncp Secure Entry Client, Ipsec Client | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it. | |||||
| CVE-2017-17045 | 1 Xen | 1 Xen | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. | |||||
| CVE-2017-17066 | 2 Getkovri, I2pd | 2 Kovri, I2pd | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug. | |||||
| CVE-2017-17090 | 1 Digium | 2 Asterisk, Certified Asterisk | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. | |||||
| CVE-2017-17125 | 1 Gnu | 1 Binutils | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2017-1714 | 1 Ibm | 2 Client Application Access, Notes | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633. | |||||
| CVE-2017-17146 | 1 Huawei | 2 Dp300, Dp300 Firmware | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device. | |||||
| CVE-2017-17153 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has a memory leak vulnerability due to memory release failure resulted from insufficient input validation. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. | |||||
| CVE-2017-17172 | 1 Huawei | 2 Lyo-l21, Lyo-l21 Firmware | 2019-10-03 | 4.4 MEDIUM | 7.3 HIGH |
| Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones. | |||||
| CVE-2017-17256 | 1 Huawei | 90 Ar120-s, Ar120-s Firmware, Ar1200 and 87 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a memory leak vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. | |||||
| CVE-2017-17257 | 1 Huawei | 90 Ar120-s, Ar120-s Firmware, Ar1200 and 87 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a memory leak vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. | |||||
| CVE-2017-17258 | 1 Huawei | 90 Ar120-s, Ar120-s Firmware, Ar1200 and 87 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a resource management vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products in the case of failure to apply for memory. Due to insufficient validation of packets, which could be exploited to cause process crash. | |||||
| CVE-2017-17290 | 1 Huawei | 4 Te60, Te60 Firmware, Viewpoint 9030 and 1 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client. | |||||
| CVE-2017-17300 | 1 Huawei | 10 S12700, S12700 Firmware, S5700 and 7 more | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset. | |||||
| CVE-2017-1731 | 1 Ibm | 1 Websphere Application Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. | |||||
| CVE-2017-17384 | 1 Ispconfig | 1 Ispconfig | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | |||||
| CVE-2017-17432 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. | |||||
| CVE-2017-17448 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. | |||||
| CVE-2017-17450 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. | |||||
| CVE-2017-17476 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. | |||||
| CVE-2017-17459 | 1 Fossil Scm | 1 Fossil | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. | |||||
| CVE-2017-17466 | 1 Tgsoft | 1 Vir.it Explorer | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088. | |||||
| CVE-2017-17468 | 1 Tgsoft | 1 Vir.it Explorer | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050. | |||||
| CVE-2017-17566 | 1 Xen | 1 Xen | 2019-10-03 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. | |||||
| CVE-2017-17536 | 1 Phacility | 1 Phabricator | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring. | |||||
| CVE-2017-17538 | 1 Mikrotik | 2 Router, Router Firmware | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | |||||
| CVE-2017-17561 | 1 Seacms Project | 1 Seacms | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. | |||||
| CVE-2017-17568 | 1 Scubez | 1 Posty Readymade Classifieds | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2017-17593 | 1 Simple Chatting System Project | 1 Simple Chatting System | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | |||||
| CVE-2017-1760 | 1 Ibm | 1 Websphere Mq | 2019-10-03 | 3.6 LOW | 7.1 HIGH |
| IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. | |||||
| CVE-2017-17757 | 1 Tp-link | 30 Tl-war1200l, Tl-war1200l Firmware, Tl-war1300l and 27 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd. | |||||
| CVE-2017-1764 | 1 Ibm | 1 Cognos Business Intelligence | 2019-10-03 | 1.9 LOW | 7.0 HIGH |
| IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149. | |||||
| CVE-2017-17758 | 1 Tp-link | 30 Tl-war1200l, Tl-war1200l Firmware, Tl-war1300l and 27 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. | |||||
| CVE-2017-17665 | 1 Octopus | 1 Octopus Deploy | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access. | |||||
| CVE-2017-17668 | 1 Ncr | 2 S1 Dispenser Controller, S1 Dispenser Controller Firmware | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. | |||||
| CVE-2017-17691 | 1 Contronics | 1 Homeputer Cl Studio Fur Homematic | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | |||||
| CVE-2017-17806 | 5 Debian, Linux, Opensuse and 2 more | 7 Debian Linux, Linux Kernel, Leap and 4 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | |||||
| CVE-2017-17704 | 1 Swhouse | 2 Istar Ultra, Istar Ultra Firmware | 2019-10-03 | 5.8 MEDIUM | 7.4 HIGH |
| A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible. | |||||
| CVE-2017-17707 | 1 Pleasantsolutions | 1 Pleasant Password Server | 2019-10-03 | 6.5 MEDIUM | 8.1 HIGH |
| Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants. | |||||
| CVE-2017-17723 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 5.8 MEDIUM | 8.1 HIGH |
| In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file. | |||||
| CVE-2017-17738 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2019-10-03 | 6.4 MEDIUM | 7.5 HIGH |
| The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. | |||||
| CVE-2017-17765 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow. | |||||
| CVE-2017-17771 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur. | |||||
| CVE-2017-17818 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. | |||||
| CVE-2017-17867 | 1 Intenogroup | 1 Iopsys | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration. | |||||