Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17302 1 Huawei 12 Dp300, Dp300 Firmware, Rp200 and 9 more 2019-10-03 2.1 LOW 3.3 LOW
Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific Certificate Revocation List(CRL) configuration files to the devices repeatedly. Due to not release allocated memory properly, successful exploit may result in memory leak and services abnormal.
CVE-2018-0942 1 Microsoft 8 Internet Explorer, Windows 10, Windows 7 and 5 more 2019-10-03 2.1 LOW 2.6 LOW
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability".
CVE-2017-17329 1 Huawei 2 Viewpoint 8660, Viewpoint 8660 Firmware 2019-10-03 2.1 LOW 3.3 LOW
Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory.
CVE-2017-17289 1 Huawei 12 Dp300, Dp300 Firmware, Rp200 and 9 more 2019-10-03 2.1 LOW 3.3 LOW
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal.
CVE-2017-15352 1 Huawei 10 Oceanstor 2800, Oceanstor 2800 Firmware, Oceanstor 5300 and 7 more 2019-10-03 2.9 LOW 3.1 LOW
Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.
CVE-2017-15307 1 Huawei 2 Honor 8, Honor 8 Firmware 2019-10-03 1.9 LOW 2.3 LOW
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.
CVE-2018-1315 1 Apache 1 Hive 2019-10-03 4.3 MEDIUM 3.7 LOW
In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.
CVE-2017-12973 1 Connect2id 1 Nimbus Jose\+jwt 2019-10-03 4.3 MEDIUM 3.1 LOW
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
CVE-2017-10426 1 Oracle 1 Peoplesoft Enterprise Staffing Front Office 2019-10-03 4.0 MEDIUM 2.7 LOW
Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVE-2017-10088 1 Oracle 1 Agile Product Lifecycle Management Framework 2019-10-03 3.6 LOW 3.4 LOW
Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Agile PLM executes to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 3.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVE-2017-10166 1 Oracle 2 Security Service, Security Service Fmw 2019-10-03 4.3 MEDIUM 3.7 LOW
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2018-2598 1 Oracle 1 Mysql Workbench 2019-10-03 4.3 MEDIUM 3.7 LOW
Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2018-2792 1 Oracle 1 Hardware Management Pack 2019-10-03 5.5 MEDIUM 3.8 LOW
Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is Prior to 2.4.3. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hardware Management Pack. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hardware Management Pack accessible data as well as unauthorized read access to a subset of Hardware Management Pack accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVE-2018-2831 1 Oracle 1 Vm Virtualbox 2019-10-03 2.1 LOW 3.8 LOW
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).
CVE-2018-3066 4 Canonical, Debian, Netapp and 1 more 7 Ubuntu Linux, Debian Linux, Oncommand Insight and 4 more 2019-10-03 4.9 MEDIUM 3.3 LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVE-2018-3069 1 Oracle 1 Agile Product Lifecycle Management For Process 2019-10-03 4.0 MEDIUM 2.7 LOW
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVE-2018-3266 1 Oracle 1 Solaris 2019-10-03 4.4 MEDIUM 3.9 LOW
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L).
CVE-2018-3270 1 Oracle 1 Solaris 2019-10-03 1.2 LOW 1.8 LOW
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).
CVE-2018-8449 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 2.1 LOW 3.3 LOW
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
CVE-2016-2091 1 Libdwarf Project 1 Libdwarf 2019-10-02 4.3 MEDIUM 3.3 LOW
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.
CVE-2019-9351 1 Google 1 Android 2019-10-02 2.1 LOW 3.3 LOW
In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599864
CVE-2019-9277 1 Google 1 Android 2019-10-02 2.1 LOW 3.3 LOW
In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-68016944
CVE-2018-9581 1 Google 1 Android 2019-10-02 2.1 LOW 3.3 LOW
In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111698366
CVE-2016-0208 1 Ibm 1 Websphere Commerce 2019-09-30 4.3 MEDIUM 3.7 LOW
IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.
CVE-2017-18429 1 Cpanel 1 Cpanel 2019-09-24 2.1 LOW 3.3 LOW
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
CVE-2019-16183 1 Limesurvey 1 Limesurvey 2019-09-10 4.0 MEDIUM 2.7 LOW
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions.
CVE-2017-3142 3 Debian, Isc, Redhat 8 Debian Linux, Bind, Enterprise Linux Desktop and 5 more 2019-08-30 4.3 MEDIUM 3.7 LOW
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
CVE-2019-1010220 1 Tcpdump 1 Tcpdump 2019-08-20 4.3 MEDIUM 3.3 LOW
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.
CVE-2017-18399 1 Cpanel 1 Cpanel 2019-08-13 4.3 MEDIUM 3.7 LOW
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
CVE-2017-18398 1 Cpanel 1 Cpanel 2019-08-13 5.5 MEDIUM 3.8 LOW
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
CVE-2017-18397 1 Cpanel 1 Cpanel 2019-08-13 2.1 LOW 3.3 LOW
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
CVE-2017-18401 1 Cpanel 1 Cpanel 2019-08-13 4.0 MEDIUM 2.7 LOW
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
CVE-2017-18404 1 Cpanel 1 Cpanel 2019-08-13 4.9 MEDIUM 3.1 LOW
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
CVE-2017-18395 1 Cpanel 1 Cpanel 2019-08-13 4.0 MEDIUM 2.7 LOW
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
CVE-2017-18394 1 Cpanel 1 Cpanel 2019-08-13 4.0 MEDIUM 2.7 LOW
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
CVE-2017-18393 1 Cpanel 1 Cpanel 2019-08-13 4.0 MEDIUM 2.7 LOW
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
CVE-2017-18392 1 Cpanel 1 Cpanel 2019-08-13 2.1 LOW 2.0 LOW
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
CVE-2016-10796 1 Cpanel 1 Cpanel 2019-08-13 2.1 LOW 3.3 LOW
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
CVE-2018-20932 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 2.7 LOW
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
CVE-2018-20927 1 Cpanel 1 Cpanel 2019-08-12 2.1 LOW 3.8 LOW
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
CVE-2017-18466 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 2.7 LOW
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
CVE-2017-18427 1 Cpanel 1 Cpanel 2019-08-12 2.1 LOW 3.3 LOW
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
CVE-2017-18428 1 Cpanel 1 Cpanel 2019-08-12 1.9 LOW 2.5 LOW
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
CVE-2017-18412 1 Cpanel 1 Cpanel 2019-08-12 1.9 LOW 2.5 LOW
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
CVE-2018-20943 1 Cpanel 1 Cpanel 2019-08-09 1.9 LOW 2.5 LOW
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
CVE-2017-18391 1 Cpanel 1 Cpanel 2019-08-09 1.9 LOW 2.5 LOW
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
CVE-2017-18425 1 Cpanel 1 Cpanel 2019-08-09 1.9 LOW 2.5 LOW
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
CVE-2017-18426 1 Cpanel 1 Cpanel 2019-08-09 4.0 MEDIUM 2.7 LOW
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
CVE-2016-10772 1 Cpanel 1 Cpanel 2019-08-09 2.1 LOW 3.3 LOW
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
CVE-2018-20942 1 Cpanel 1 Cpanel 2019-08-09 1.9 LOW 2.5 LOW
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).