Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6921 | 1 Drupal | 1 Drupal | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.
|
|||||
| CVE-2017-6281 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281.
|
|||||
| CVE-2017-6261 | 1 Nvidia | 1 Vibrante Linux | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
|
NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure.
|
|||||
| CVE-2017-6169 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
|
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.
|
|||||
| CVE-2017-6154 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.
|
|||||
| CVE-2017-6150 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
|
|||||
| CVE-2017-6148 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not impacted by this vulnerability.
|
|||||
| CVE-2017-6021 | 2 Aveva, Schneider-electric | 2 Clearscada, Clearscada | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector stri ...
Show More |
|||||
| CVE-2017-5819 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5818 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5817 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5816 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5815 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5808 | 1 Hp | 1 Data Protector | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
|
|||||
| CVE-2017-5806 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
|
|||||
| CVE-2017-5805 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
|
|||||
| CVE-2017-5794 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
|
|||||
| CVE-2017-5793 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
|
|||||
| CVE-2017-5784 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.
|
|||||
| CVE-2017-5783 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.
|
|||||
| CVE-2017-5782 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.
|
|||||
| CVE-2017-5780 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.
|
|||||
| CVE-2017-5699 | 1 Intel | 2 Minnowboard 3, Minnowboard 3 Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs.
|
|||||
| CVE-2017-5660 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.
|
|||||
| CVE-2017-5463 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.
|
|||||
| CVE-2017-5453 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.
|
|||||
| CVE-2017-5452 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.
|
|||||
| CVE-2017-5450 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53.
|
|||||
| CVE-2017-5422 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52.
|
|||||
| CVE-2017-5421 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.
|
|||||
| CVE-2017-5420 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.
|
|||||
| CVE-2017-5417 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.
|
|||||
| CVE-2017-5415 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
|
|||||
| CVE-2017-5395 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
|
|||||
| CVE-2017-5211 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
|
|||||
| CVE-2017-5123 | 2 Linux, Netapp | 16 Linux Kernel, Cloud Backup, H300e and 13 more | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
|
|||||
| CVE-2017-5028 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
|||||
| CVE-2017-3197 | 1 Gigabyte | 4 Gb-bsi7h-6500, Gb-bsi7h-6500 Firmware, Gb-bxi7-5775 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
|
|||||
| CVE-2017-3180 | 1 Tibco | 10 Silver Fabric Enabler For Spotfire Web Player, Spotfire Analyst, Spotfire Analytics Platform For Aws and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enable ...
Show More |
|||||
| CVE-2017-3142 | 3 Debian, Isc, Redhat | 8 Debian Linux, Bind, Enterprise Linux Desktop and 5 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10. ...
Show More |
|||||