Total: 2136 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17329 | 1 Huawei | 2 Viewpoint 8660, Viewpoint 8660 Firmware | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| Huawei ViewPoint 8660 V100R008C03 has a memory leak vulnerability. The software does not release allocated memory properly when parsing XML Schema data. An authenticated attacker could upload a crafted XML file; a successful exploit could cause the system service to become abnormal because it runs out of memory. | |||||
| CVE-2017-10166 | 1 Oracle | 2 Security Service, Security Service Fmw | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2017-10088 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2019-10-03 | 3.6 LOW | 3.4 LOW |
| Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Agile PLM executes to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 3.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2017-10095 | 1 Oracle | 1 Solaris | 2019-10-03 | 1.9 LOW | 3.3 LOW |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2018-8449 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-0942 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2019-10-03 | 2.1 LOW | 2.6 LOW |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0966 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2017-2137 | 1 Netgear | 1 Prosafe Plus Configuration Utility | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | |||||
| CVE-2017-5985 | 1 Linuxcontainers | 1 Lxc | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. | |||||
| CVE-2017-2739 | 1 Huawei | 1 Vmall | 2019-10-03 | 2.9 LOW | 3.1 LOW |
| The upgrade package of the Huawei Vmall APP in versions earlier than HwVmall 1.5.3.0 is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of the Huawei Vmall APP and implant malicious applications. | |||||
| CVE-2018-7924 | 1 Huawei | 2 Anne-al00, Anne-al00 Firmware | 2019-10-03 | 2.1 LOW | 2.4 LOW |
| Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone. | |||||
| CVE-2018-5538 | 1 F5 | 4 Big-ip Domain Name System, Big-ip Global Traffic Manager, Big-ip Link Controller and 1 more | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0". | |||||
| CVE-2017-17807 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. | |||||
| CVE-2017-17433 | 2 Debian, Samba | 2 Debian Linux, Rsync | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2017-17302 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific Certificate Revocation List (CRL) configuration files to the devices repeatedly. Because allocated memory is not released properly, a successful exploit may result in a memory leak and abnormal services. | |||||
| CVE-2017-12973 | 1 Connect2id | 1 Nimbus Jose+jwt | 2019-10-03 | 4.3 MEDIUM | 3.1 LOW |
| Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. | |||||
| CVE-2017-1716 | 1 Ibm | 1 Tivoli Workload Scheduler | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. | |||||
| CVE-2017-1699 | 1 Ibm | 1 Websphere Mq | 2019-10-03 | 3.6 LOW | 3.3 LOW |
| IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391. | |||||
| CVE-2017-14595 | 1 Joomla | 1 Joomla! | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | |||||
| CVE-2016-2091 | 1 Libdwarf Project | 1 Libdwarf | 2019-10-02 | 4.3 MEDIUM | 3.3 LOW |
| The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. | |||||
| CVE-2019-9351 | 1 Google | 1 Android | 2019-10-02 | 2.1 LOW | 3.3 LOW |
| In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-128599864 | |||||
| CVE-2019-9277 | 1 Google | 1 Android | 2019-10-02 | 2.1 LOW | 3.3 LOW |
| In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-68016944 | |||||
| CVE-2018-9581 | 1 Google | 1 Android | 2019-10-02 | 2.1 LOW | 3.3 LOW |
| In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111698366 | |||||
| CVE-2016-0208 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.3 MEDIUM | 3.7 LOW |
| IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | |||||
| CVE-2017-18429 | 1 Cpanel | 1 Cpanel | 2019-09-24 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | |||||
| CVE-2019-16183 | 1 Limesurvey | 1 Limesurvey | 2019-09-10 | 4.0 MEDIUM | 2.7 LOW |
| In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. | |||||
| CVE-2017-3142 | 3 Debian, Isc, Redhat | 8 Debian Linux, Bind, Enterprise Linux Desktop and 5 more | 2019-08-30 | 4.3 MEDIUM | 3.7 LOW |
| An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. | |||||
| CVE-2019-1010220 | 1 Tcpdump | 1 Tcpdump | 2019-08-20 | 4.3 MEDIUM | 3.3 LOW |
| tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. | |||||
| CVE-2017-18399 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.3 MEDIUM | 3.7 LOW |
| cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). | |||||
| CVE-2017-18398 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.5 MEDIUM | 3.8 LOW |
| DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | |||||
| CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | |||||
| CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | |||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 3.1 LOW |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | |||||
| CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of ssl (SEC-328). | |||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | |||||
| CVE-2017-18393 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | |||||
| CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 2.0 LOW |
| cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | |||||
| CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | |||||
| CVE-2018-20932 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | |||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 3.8 LOW |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | |||||
| CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | |||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | |||||
| CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | |||||
| CVE-2017-18412 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 1.9 LOW | 2.5 LOW |
| cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | |||||
| CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | |||||
| CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | |||||
| CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
| CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | |||||
| CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 2.1 LOW | 3.3 LOW |
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | |||||
| CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | |||||
