Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-4232 3 Apple, Canonical, Microsoft 7 Icloud, Iphone Os, Itunes and 4 more 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.
CVE-2017-8867 1 Cognitoys 2 Stemosaur, Stemosaur Firmware 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.
CVE-2017-8879 1 Dolibarr 1 Dolibarr 2019-10-03 4.6 MEDIUM 6.8 MEDIUM
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
CVE-2017-8891 1 Dropbox 1 Lepton 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
CVE-2017-17887 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
CVE-2018-0908 1 Microsoft 1 Identity Manager 2019-10-03 4.3 MEDIUM 6.1 MEDIUM
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."
CVE-2017-5026 1 Google 1 Chrome 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.
CVE-2017-17747 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2019-10-03 2.7 LOW 6.5 MEDIUM
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.
CVE-2018-4271 2 Apple, Microsoft 7 Icloud, Iphone Os, Itunes and 4 more 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
CVE-2017-17844 2 Debian, Enigmail 2 Debian Linux, Enigmail 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue.
CVE-2018-4251 1 Apple 1 Mac Os X 2019-10-03 7.1 HIGH 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access.
CVE-2017-17680 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
CVE-2018-4273 2 Apple, Microsoft 7 Icloud, Iphone Os, Itunes and 4 more 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
CVE-2017-9045 1 Google 1 Google I\/o 2017 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file.
CVE-2017-9059 1 Linux 1 Linux Kernel 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.
CVE-2018-4283 1 Apple 1 Mac Os X 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.
CVE-2017-9208 2 Canonical, Qpdf Project 2 Ubuntu Linux, Qpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
CVE-2017-9209 2 Canonical, Qpdf Project 2 Ubuntu Linux, Qpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
CVE-2018-4290 1 Apple 2 Iphone Os, Watchos 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.
CVE-2017-17553 1 Changyou 1 Dolphin 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.
CVE-2017-9260 1 Surina 1 Soundtouch 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.
CVE-2017-9253 1 Audiocoding 1 Freeware Advanced Audio Decoder 2 2019-10-03 7.1 HIGH 5.5 MEDIUM
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9254 1 Audiocoding 1 Freeware Advanced Audio Decoder 2 2019-10-03 7.1 HIGH 5.5 MEDIUM
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9273 1 Microfocus 2 Bi-directional Driver, Identity Manager 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.
CVE-2017-9340 1 Owncloud 1 Owncloud Server 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.
CVE-2018-4324 1 Apple 1 Mac Os X 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.
CVE-2017-9403 3 Canonical, Debian, Libtiff 3 Ubuntu Linux, Debian Linux, Libtiff 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9404 3 Canonical, Debian, Libtiff 3 Ubuntu Linux, Debian Linux, Libtiff 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9405 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9406 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9407 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9408 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9440 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2018-0003 1 Juniper 1 Junos 2019-10-03 6.1 MEDIUM 6.5 MEDIUM
A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.
CVE-2017-9493 2 Cisco, Motorola 2 Mx011anm Firmware, Mx011anm 2019-10-03 5.8 MEDIUM 6.3 MEDIUM
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code.
CVE-2017-9494 1 Motorola 2 Mx011anm, Mx011anm Firmware 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet.
CVE-2017-9496 2 Cisco, Motorola 2 Mx011anm Firmware, Mx011anm 2019-10-03 4.6 MEDIUM 6.8 MEDIUM
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet port, and then establishing communication with the device's link-local IPv6 address.
CVE-2017-9498 2 Comcast, Motorola 4 Xfinity Xr11-20, Xfinity Xr11-20 Firmware, Mx011anm and 1 more 2019-10-03 2.1 LOW 5.5 MEDIUM
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for the firmware.
CVE-2017-9499 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9500 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9797 1 Apache 1 Geode 2019-10-03 5.8 MEDIUM 6.5 MEDIUM
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.
CVE-2017-9792 1 Apache 1 Impala 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external.
CVE-2018-4351 1 Apple 1 Mac Os X 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
CVE-2017-0688 1 Google 1 Android 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425.
CVE-2017-10195 1 Oracle 1 Hospitality Simphony 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). The supported version that is affected is 2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2017-10175 1 Oracle 1 Isupport 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2017-10173 1 Oracle 1 Retail Open Commerce Platform Cloud Service 2019-10-03 5.0 MEDIUM 5.8 MEDIUM
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. While the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).
CVE-2017-10172 1 Oracle 1 Retail Open Commerce Platform Cloud Service 2019-10-03 5.8 MEDIUM 6.1 MEDIUM
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2017-10128 1 Oracle 1 Hospitality Websuite8 Cloud Service 2019-10-03 5.8 MEDIUM 6.1 MEDIUM
Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2017-10126 1 Oracle 1 Peoplesoft Enterprise Prtl Interaction Hub 2019-10-03 5.8 MEDIUM 6.1 MEDIUM
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).