Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11169 | 1 Iball | 2 Ib-wra300n3gt, Ib-wra300n3gt Firmware | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi. | |||||
| CVE-2017-1117 | 1 Ibm | 1 Websphere Mq | 2019-10-03 | 3.5 LOW | 5.3 MEDIUM |
| IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. | |||||
| CVE-2017-1118 | 1 Ibm | 1 Websphere Mq Internet Pass-thru | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. IBM X-Force ID: 121156. | |||||
| CVE-2017-11229 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF). | |||||
| CVE-2017-1129 | 1 Ibm | 2 Expeditor, Inotes | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370. | |||||
| CVE-2017-1130 | 1 Ibm | 1 Inotes | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371. | |||||
| CVE-2017-1134 | 1 Ibm | 1 Power Hardware Management Console | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. | |||||
| CVE-2017-11347 | 1 Metinfo | 1 Metinfo | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. | |||||
| CVE-2017-1137 | 1 Ibm | 1 Websphere Application Server | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549. | |||||
| CVE-2017-11401 | 1 Belden | 2 Tofino Xenon Security Appliance, Tofino Xenon Security Appliance Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering. | |||||
| CVE-2017-11424 | 2 Debian, Pyjwt Project | 2 Debian Linux, Pyjwt | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch. | |||||
| CVE-2017-1151 | 1 Ibm | 1 Websphere Application Server | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293. | |||||
| CVE-2017-11565 | 1 Debian | 1 Tor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script). | |||||
| CVE-2017-11591 | 2 Canonical, Exiv2 | 2 Ubuntu Linux, Exiv2 | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||||
| CVE-2017-11615 | 1 Factorio | 1 Factorio | 2019-10-03 | 6.8 MEDIUM | 8.6 HIGH |
| A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library. | |||||
| CVE-2017-11633 | 1 - | 1 Wireless Ip Camera 360 | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field. | |||||
| CVE-2017-1170 | 1 Ibm | 1 Websphere Commerce | 2019-10-03 | 4.6 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230. | |||||
| CVE-2017-11683 | 2 Canonical, Exiv2 | 2 Ubuntu Linux, Exiv2 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||||
| CVE-2017-11684 | 1 Libav | 1 Libav | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. | |||||
| CVE-2017-1171 | 1 Ibm | 1 Tririga Application Platform | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083. | |||||
| CVE-2017-1190 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2019-10-03 | 6.2 MEDIUM | 6.4 MEDIUM |
| IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559. | |||||
| CVE-2017-11769 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability". | |||||
| CVE-2017-11779 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability". | |||||
| CVE-2017-11780 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.8 MEDIUM | 7.0 HIGH |
| The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability". | |||||
| CVE-2017-11783 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability". | |||||
| CVE-2017-1180 | 1 Ibm | 1 Tririga Application Platform | 2019-10-03 | 3.5 LOW | 5.3 MEDIUM |
| The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084. | |||||
| CVE-2017-1182 | 1 Ibm | 1 Tivoli Monitoring | 2019-10-03 | 5.4 MEDIUM | 7.5 HIGH |
| IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493. | |||||
| CVE-2017-11824 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability". | |||||
| CVE-2017-11847 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | |||||
| CVE-2017-11872 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874. | |||||
| CVE-2017-11877 | 1 Microsoft | 6 Excel, Excel 2007, Excel 2010 and 3 more | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability". | |||||
| CVE-2017-11883 | 1 Microsoft | 1 Aspnetcore | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". | |||||
| CVE-2017-11899 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability". | |||||
| CVE-2017-1191 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. | |||||
| CVE-2017-1205 | 1 Ibm | 1 Spectrum Lsf | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. | |||||
| CVE-2017-12065 | 1 Cacti | 1 Cacti | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. | |||||
| CVE-2017-12085 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. | |||||
| CVE-2017-12089 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2017-1212 | 1 Ibm | 1 Daeja Viewone | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. | |||||
| CVE-2017-12154 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 3.6 LOW | 7.1 HIGH |
| The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | |||||
| CVE-2017-12170 | 2 Fedoraproject, Pureftpd | 2 Fedora, Pure-ftpd | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd. | |||||
| CVE-2017-1235 | 1 Ibm | 1 Websphere Mq | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. | |||||
| CVE-2017-12421 | 1 Netapp | 1 Clustered Data Ontap | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | |||||
| CVE-2017-12423 | 1 Netapp | 1 Clustered Data Ontap | 2019-10-03 | 4.0 MEDIUM | 7.7 HIGH |
| NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | |||||
| CVE-2017-12547 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-03 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12548 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-03 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12550 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-03 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12551 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-03 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12552 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-03 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12553 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-03 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||