Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14646 | 1 Axiosys | 1 Bento4 | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||
| CVE-2017-14623 | 1 Go-ldap Project | 1 Ldap | 2019-10-03 | 5.1 MEDIUM | 8.1 HIGH |
| In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind. | |||||
| CVE-2017-0199 | 1 Microsoft | 5 Office, Windows 7, Windows Server 2008 and 2 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." | |||||
| CVE-2017-14609 | 1 Kannel | 1 Kannel | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. | |||||
| CVE-2017-14602 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. | |||||
| CVE-2017-1452 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180. | |||||
| CVE-2017-14519 | 1 Freedesktop | 1 Poppler | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | |||||
| CVE-2017-1451 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. | |||||
| CVE-2017-0246 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability." | |||||
| CVE-2017-0248 | 1 Microsoft | 1 .net Framework | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | |||||
| CVE-2017-0272 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279. | |||||
| CVE-2017-0291 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0292. | |||||
| CVE-2017-0292 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291. | |||||
| CVE-2017-0294 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability". | |||||
| CVE-2017-0296 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability". | |||||
| CVE-2017-0298 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2019-10-03 | 4.4 MEDIUM | 7.3 HIGH |
| A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability." | |||||
| CVE-2017-0325 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325. | |||||
| CVE-2017-14423 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | |||||
| CVE-2017-14418 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | |||||
| CVE-2017-14390 | 1 Pivotal Software | 1 Cf-deployment | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations. | |||||
| CVE-2017-14355 | 1 Microfocus | 1 Connected Backup | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. | |||||
| CVE-2017-0327 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327. | |||||
| CVE-2017-0329 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329. | |||||
| CVE-2017-14339 | 1 Yadifa | 1 Yadifa | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive. | |||||
| CVE-2017-14332 | 1 Extremenetworks | 1 Extremexos | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. | |||||
| CVE-2017-14319 | 1 Xen | 1 Xen | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. | |||||
| CVE-2017-14311 | 1 Netmechanica | 1 Netdecision | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call. | |||||
| CVE-2017-0331 | 2 Google, Linux | 2 Android, Linux Kernel | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. | |||||
| CVE-2017-14198 | 1 Squiz | 1 Matrix | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. | |||||
| CVE-2017-12997 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). | |||||
| CVE-2017-0332 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33812508. References: N-CVE-2017-0332. | |||||
| CVE-2017-14102 | 1 Mimedefang | 1 Mimedefang | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | |||||
| CVE-2017-0333 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33899363. References: N-CVE-2017-0333. | |||||
| CVE-2017-14086 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests. | |||||
| CVE-2017-14084 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | |||||
| CVE-2017-14083 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | |||||
| CVE-2017-0335 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33043375. References: N-CVE-2017-0335. | |||||
| CVE-2017-0337 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-31992762. References: N-CVE-2017-0337. | |||||
| CVE-2017-14034 | 1 Libbpg Project | 1 Libbpg | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-0338 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33057977. References: N-CVE-2017-0338. | |||||
| CVE-2017-0339 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-27930566. References: N-CVE-2017-0339. | |||||
| CVE-2017-0340 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340. | |||||
| CVE-2017-13989 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2019-10-03 | 5.5 MEDIUM | 8.1 HIGH |
| An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | |||||
| CVE-2017-0344 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges. | |||||
| CVE-2017-13903 | 1 Apple | 2 Iphone Os, Tvos | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door. | |||||
| CVE-2017-13874 | 1 Apple | 1 Iphone Os | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection. | |||||
| CVE-2017-1382 | 1 Ibm | 1 Websphere Application Server | 2019-10-03 | 3.6 LOW | 7.1 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. | |||||
| CVE-2017-0367 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | |||||
| CVE-2017-0394 | 1 Google | 1 Android | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213. | |||||
| CVE-2017-0417 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438. | |||||