Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12568 | 1 Brother | 2 Dcp-j132w, Dcp-j132w Firmware | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets. | |||||
| CVE-2017-12573 | 1 Planex | 2 Cs-w50hd, Cs-w50hd Firmware | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. | |||||
| CVE-2017-12592 | 1 Asus | 2 Dsl-n10s, Dsl-n10s Firmware | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. | |||||
| CVE-2017-12600 | 1 Opencv | 1 Opencv | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. | |||||
| CVE-2017-12602 | 1 Opencv | 1 Opencv | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. | |||||
| CVE-2017-12836 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Cvs | 2019-10-03 | 5.1 MEDIUM | 7.5 HIGH |
| CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." | |||||
| CVE-2017-13067 | 1 Qnap | 1 Qts | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack. | |||||
| CVE-2017-13161 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501. | |||||
| CVE-2017-13162 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036. | |||||
| CVE-2017-13163 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972. | |||||
| CVE-2017-13165 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937. | |||||
| CVE-2017-13167 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993. | |||||
| CVE-2017-13170 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280. | |||||
| CVE-2017-13171 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086. | |||||
| CVE-2017-13172 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791. | |||||
| CVE-2017-13173 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361. | |||||
| CVE-2017-13174 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473. | |||||
| CVE-2017-13212 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985. | |||||
| CVE-2017-13213 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501. | |||||
| CVE-2017-13215 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. | |||||
| CVE-2017-13219 | 1 Google | 1 Android | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865. | |||||
| CVE-2017-13221 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938. | |||||
| CVE-2017-13226 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184. | |||||
| CVE-2017-13244 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986. | |||||
| CVE-2017-13245 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347. | |||||
| CVE-2017-13254 | 1 Google | 1 Android | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507. | |||||
| CVE-2017-13263 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160. | |||||
| CVE-2017-13265 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423. | |||||
| CVE-2017-13679 | 1 Symantec | 1 Encryption Desktop | 2019-10-03 | 1.4 LOW | 4.2 MEDIUM |
| A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2017-13270 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744. | |||||
| CVE-2017-13271 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799. | |||||
| CVE-2017-13273 | 1 Google | 1 Android | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158. | |||||
| CVE-2017-1328 | 1 Ibm | 1 Api Connect | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126230. | |||||
| CVE-2017-13306 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063. | |||||
| CVE-2017-13307 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924. | |||||
| CVE-2017-1341 | 1 Ibm | 1 Websphere Mq | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. | |||||
| CVE-2017-13670 | 1 Blackcat-cms | 1 Blackcat Cms | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. | |||||
| CVE-2017-13674 | 1 Symantec | 1 Proxyclient | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | |||||
| CVE-2017-13675 | 1 Symantec | 1 Endpoint Encryption | 2019-10-03 | 2.3 LOW | 4.2 MEDIUM |
| A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2017-13680 | 2 Microsoft, Symantec | 2 Windows, Endpoint Protection | 2019-10-03 | 3.6 LOW | 5.5 MEDIUM |
| Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. | |||||
| CVE-2017-13681 | 1 Symantec | 1 Endpoint Protection | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack. | |||||
| CVE-2017-13698 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded. | |||||
| CVE-2017-1371 | 1 Ibm | 1 Tririga Application Platform | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864. | |||||
| CVE-2017-1373 | 1 Ibm | 1 Tririga Application Platform | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866. | |||||
| CVE-2017-13775 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | |||||
| CVE-2017-13786 | 1 Apple | 1 Mac Os X | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter. | |||||
| CVE-2017-13806 | 1 Apple | 1 Iphone Os | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed. | |||||
| CVE-2017-13827 | 1 Apple | 1 Mac Os X | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading. | |||||
| CVE-2017-13828 | 1 Apple | 1 Mac Os X | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text. | |||||
| CVE-2017-13860 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption. | |||||