Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1550 | 1 Ibm | 1 Sterling File Gateway | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290. | |||||
| CVE-2017-15524 | 1 Kemptechnologies | 1 Web Application Firewall | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | |||||
| CVE-2017-15525 | 1 Symantec | 1 Endpoint Encryption | 2019-10-03 | 5.5 MEDIUM | 4.5 MEDIUM |
| Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2017-1557 | 1 Ibm | 1 Websphere Mq | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. | |||||
| CVE-2017-15594 | 1 Xen | 1 Xen | 2019-10-03 | 4.6 MEDIUM | 8.8 HIGH |
| An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging. | |||||
| CVE-2017-15575 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact. | |||||
| CVE-2017-15590 | 1 Xen | 1 Xen | 2019-10-03 | 4.6 MEDIUM | 8.8 HIGH |
| An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. | |||||
| CVE-2017-15613 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. | |||||
| CVE-2017-15614 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file. | |||||
| CVE-2017-15615 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file. | |||||
| CVE-2017-15616 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file. | |||||
| CVE-2017-15617 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file. | |||||
| CVE-2017-15618 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file. | |||||
| CVE-2017-15619 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file. | |||||
| CVE-2017-15620 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file. | |||||
| CVE-2017-15621 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file. | |||||
| CVE-2017-15622 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file. | |||||
| CVE-2017-15623 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file. | |||||
| CVE-2017-15624 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file. | |||||
| CVE-2017-15625 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file. | |||||
| CVE-2017-15626 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file. | |||||
| CVE-2017-15627 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file. | |||||
| CVE-2017-15628 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file. | |||||
| CVE-2017-15629 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file. | |||||
| CVE-2017-15630 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file. | |||||
| CVE-2017-15631 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file. | |||||
| CVE-2017-15632 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file. | |||||
| CVE-2017-15633 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file. | |||||
| CVE-2017-15634 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file. | |||||
| CVE-2017-15635 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file. | |||||
| CVE-2017-15636 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file. | |||||
| CVE-2017-15637 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file. | |||||
| CVE-2017-15638 | 2 Opensuse, Suse | 5 Leap, Linux Enterprise Desktop, Linux Enterprise Server and 2 more | 2019-10-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. | |||||
| CVE-2017-15702 | 1 Apache | 1 Qpid Java | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected. | |||||
| CVE-2017-15718 | 1 Apache | 1 Hadoop | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. | |||||
| CVE-2017-15841 | 1 Qualcomm | 32 Sd 410, Sd 410 Firmware, Sd 412 and 29 more | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016. | |||||
| CVE-2017-15896 | 1 Nodejs | 1 Node.js | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption. | |||||
| CVE-2017-15864 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. | |||||
| CVE-2017-15914 | 1 Borgbackup | 1 Borg | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3. | |||||
| CVE-2017-15923 | 2 Debian, Konversation | 2 Debian Linux, Konversation | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | |||||
| CVE-2017-16523 | 1 Mitrastar | 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. | |||||
| CVE-2017-16366 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin. | |||||
| CVE-2017-1612 | 1 Ibm | 1 Websphere Mq | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. | |||||
| CVE-2017-16228 | 1 Dulwich Project | 1 Dulwich | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. | |||||
| CVE-2017-16239 | 1 Openstack | 1 Nova | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. | |||||
| CVE-2017-16249 | 1 Brother | 2 Dcp-j132w, Dcp-j132w Firmware | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. | |||||
| CVE-2017-16361 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files. | |||||
| CVE-2017-16380 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt. | |||||
| CVE-2017-16653 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks. | |||||
| CVE-2017-16674 | 1 Datto | 1 Windows Agent | 2019-10-03 | 4.9 MEDIUM | 8.0 HIGH |
| Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions. | |||||