Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8347 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8346 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8345 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8344 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8343 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8314 2 Debian, Kodi 2 Debian Linux, Kodi 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
CVE-2018-9996 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.
CVE-2017-8235 1 Google 1 Android 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.
CVE-2017-8168 1 Huawei 1 Fusionsphere Openstack 2019-10-03 3.3 LOW 4.3 MEDIUM
FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted.
CVE-2017-8158 1 Huawei 1 Fusioncompute 2019-10-03 4.9 MEDIUM 6.5 MEDIUM
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable.
CVE-2017-8157 1 Huawei 4 Oceanstor 5800 V3, Oceanstor 5800 V3 Firmware, Oceanstor 6900 V3 and 1 more 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information.
CVE-2017-8154 1 Huawei 2 Honor 8 Lite, Honor 8 Lite Firmware 2019-10-03 2.6 LOW 5.3 MEDIUM
The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.
CVE-2017-8039 1 Pivotal 1 Spring Web Flow 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.
CVE-2017-8034 1 Cloudfoundry 3 Capi-release, Cf-release, Routing-release 2019-10-03 6.0 MEDIUM 6.6 MEDIUM
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.
CVE-2017-7999 1 Eucalyptus 1 Eucalyptus 2019-10-03 3.5 LOW 6.5 MEDIUM
Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.
CVE-2018-7757 1 Linux 1 Linux Kernel 2019-10-03 2.1 LOW 5.5 MEDIUM
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
CVE-2017-7988 1 Joomla 1 Joomla\! 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVE-2017-7943 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2017-7737 1 Fortinet 1 Fortiweb 2019-10-03 4.0 MEDIUM 4.9 MEDIUM
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
CVE-2018-7911 1 Huawei 10 Alp-al00b, Alp-al00b-rsc, Alp-al00b-rsc Firmware and 7 more 2019-10-03 4.9 MEDIUM 4.6 MEDIUM
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
CVE-2018-7929 1 Huawei 2 Mate Rs, Mate Rs Firmware 2019-10-03 4.6 MEDIUM 6.8 MEDIUM
Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations.
CVE-2018-7931 1 Huawei 1 Appgallery 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism.
CVE-2017-7700 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-03 7.1 HIGH 6.5 MEDIUM
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.
CVE-2018-7936 1 Huawei 2 Mate 10 Pro, Mate 10 Pro Firmware 2019-10-03 4.9 MEDIUM 4.6 MEDIUM
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
CVE-2018-7956 1 Huawei 7 Mate 20, Mate 20 Firmware, Nova 3 and 4 more 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
CVE-2018-9849 1 Pulsesecure 1 Pulse Connect Secure 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
CVE-2018-7988 1 Huawei 4 Mate 9 Pro, Mate 9 Pro Firmware, Nova 2 Plus and 1 more 2019-10-03 3.6 LOW 4.6 MEDIUM
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection.
CVE-2018-7990 1 Huawei 2 Mate 10 Pro, Mate 10 Pro Firmware 2019-10-03 4.9 MEDIUM 4.6 MEDIUM
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.
CVE-2018-7991 1 Huawei 2 Mate10, Mate10 Firmware 2019-10-03 2.1 LOW 4.6 MEDIUM
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page.
CVE-2018-8036 1 Apache 1 Pdfbox 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
CVE-2018-9840 1 Signal 1 Signal 2019-10-03 4.6 MEDIUM 6.8 MEDIUM
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.
CVE-2018-8005 2 Apache, Debian 2 Traffic Server, Debian Linux 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
CVE-2017-7624 1 Entropymine 1 Imageworsener 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2018-8017 1 Apache 1 Tika 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
CVE-2017-7623 1 Entropymine 1 Imageworsener 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2018-8040 2 Apache, Debian 2 Traffic Server, Debian Linux 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
CVE-2017-7542 1 Linux 1 Linux Kernel 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
CVE-2018-8087 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
CVE-2018-8105 1 Xpdfreader 1 Xpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8106 1 Xpdfreader 1 Xpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8107 1 Xpdfreader 1 Xpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8129 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 4.6 MEDIUM 5.3 MEDIUM
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132.
CVE-2018-8132 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 4.6 MEDIUM 5.3 MEDIUM
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129.
CVE-2018-8140 1 Microsoft 3 Windows 10, Windows Server 1803, Windows Server 2016 2019-10-03 4.6 MEDIUM 6.8 MEDIUM
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.
CVE-2018-8142 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 4.6 MEDIUM 5.3 MEDIUM
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.
CVE-2018-8150 1 Microsoft 1 Office 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office.
CVE-2018-8151 1 Microsoft 1 Exchange Server 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.
CVE-2018-8152 1 Microsoft 1 Exchange Server 2019-10-03 5.8 MEDIUM 5.4 MEDIUM
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
CVE-2018-8159 1 Microsoft 1 Exchange Server 2019-10-03 5.8 MEDIUM 5.4 MEDIUM
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
CVE-2017-7532 1 Moodle 1 Moodle 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
In Moodle 3.x, course creators are able to change system default settings for courses.