Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11399 | 1 Simplisafe | 8 U9k-es1000, U9k-es1000 Firmware, U9k-kr1 and 5 more | 2019-10-03 | 1.9 LOW | 4.3 MEDIUM |
| SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur. | |||||
| CVE-2017-7737 | 1 Fortinet | 1 Fortiweb | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | |||||
| CVE-2017-7761 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2019-10-03 | 3.6 LOW | 5.5 MEDIUM |
| The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | |||||
| CVE-2017-7789 | 1 Mozilla | 1 Firefox | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. | |||||
| CVE-2017-7767 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | |||||
| CVE-2017-7781 | 1 Mozilla | 1 Firefox | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55. | |||||
| CVE-2017-7782 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2017-7816 | 1 Mozilla | 1 Firefox | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56. | |||||
| CVE-2017-7820 | 1 Mozilla | 1 Firefox | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56. | |||||
| CVE-2017-7822 | 1 Mozilla | 1 Firefox | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56. | |||||
| CVE-2017-7830 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | |||||
| CVE-2017-7849 | 1 Tenable | 1 Nessus | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | |||||
| CVE-2017-7854 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
| CVE-2017-7960 | 1 Gnome | 1 Libcroco | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | |||||
| CVE-2017-7939 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. | |||||
| CVE-2017-7941 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | |||||
| CVE-2017-7942 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | |||||
| CVE-2018-11242 | 1 Makemytrip | 1 Makemytrip | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files. | |||||
| CVE-2017-8034 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Routing-release | 2019-10-03 | 6.0 MEDIUM | 6.6 MEDIUM |
| The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. | |||||
| CVE-2017-8083 | 1 Compulab | 4 Intense Pc, Intense Pc Firmware, Mintbox 2 and 1 more | 2019-10-03 | 7.2 HIGH | 6.7 MEDIUM |
| CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. | |||||
| CVE-2018-10971 | 1 Flif | 1 Flif | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file. | |||||
| CVE-2018-10963 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | |||||
| CVE-2018-10962 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered. | |||||
| CVE-2017-8314 | 2 Debian, Kodi | 2 Debian Linux, Kodi | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | |||||
| CVE-2017-8327 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image. | |||||
| CVE-2017-8363 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||||
| CVE-2017-8365 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | |||||
| CVE-2017-8343 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-8344 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-8345 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-8346 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-8347 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-8356 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-8357 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-8383 | 1 Craftcms | 1 Craft Cms | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. | |||||
| CVE-2018-10944 | 1 Rasputinonline | 1 Rasputin Online Coin | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether. | |||||
| CVE-2017-8421 | 1 Gnu | 1 Binutils | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. | |||||
| CVE-2018-10938 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-03 | 7.1 HIGH | 5.9 MEDIUM |
| A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw. | |||||
| CVE-2017-8493 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability". | |||||
| CVE-2017-8637 | 1 Microsoft | 2 Edge, Windows 10 | 2019-10-03 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability". | |||||
| CVE-2017-8508 | 1 Microsoft | 1 Outlook | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". | |||||
| CVE-2017-8650 | 1 Microsoft | 2 Edge, Windows 10 | 2019-10-03 | 5.8 MEDIUM | 5.4 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". | |||||
| CVE-2017-8515 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability". | |||||
| CVE-2017-8523 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2019-10-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555. | |||||
| CVE-2017-8530 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2019-10-03 | 5.8 MEDIUM | 5.4 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555. | |||||
| CVE-2017-8539 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | |||||
| CVE-2017-8542 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | |||||
| CVE-2018-10780 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. | |||||
| CVE-2018-10779 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. | |||||
| CVE-2017-8628 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8.1 and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.8 MEDIUM |
| Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability". | |||||