Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8949 | 1 Hp | 1 Sitescope | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.
|
|||||
| CVE-2017-8948 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.
|
|||||
| CVE-2017-8946 | 1 Hp | 1 Aruba Airwave Glass | 2024-11-21 | 7.6 HIGH | 8.3 HIGH |
|
A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.
|
|||||
| CVE-2017-8931 | 1 Bitdefender | 1 Gravityzone | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
|
|||||
| CVE-2017-8274 | 1 Qualcomm | 24 Mdm9206, Mdm9206 Firmware, Mdm9607 and 21 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, an access control vulnerability exists in Core.
|
|||||
| CVE-2017-8176 | 1 Huawei | 2 Iptv Stb, Iptv Stb Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Huawei IPTV STB versions earlier than IPTV STB V100R003C01LMYTa6SPC001 have an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploitation could lead to authentication bypass and allow channels to be viewed for free.
|
|||||
| CVE-2017-7893 | 1 Saltstack | 1 Salt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
|
|||||
| CVE-2017-7835 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57.
|
|||||
| CVE-2017-7822 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56.
|
|||||
| CVE-2017-7820 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.
|
|||||
| CVE-2017-7790 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.
|
|||||
| CVE-2017-7789 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
|
|||||
| CVE-2017-7781 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.
|
|||||
| CVE-2017-7656 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HT ...
|
|||||
| CVE-2017-7652 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is running with a configuration file, then sending a HUP signal to the server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.
|
|||||
| CVE-2017-7530 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that a privilege check is missing when invoking arbitrary methods via filtering on VMs, which MiqExpression will execute and which is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).
|
|||||
| CVE-2017-7497 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM |
|
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.
|
|||||
| CVE-2017-7070 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid.
|
|||||
| CVE-2017-6976 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app.
|
|||||
| CVE-2017-6930 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Dom ...
|
|||||
| CVE-2017-6925 | 1 Drupal | 1 Drupal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In versions of Drupal 8 core prior to 8.3.7, there is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
|
|||||
| CVE-2017-6424 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.
|
|||||
| CVE-2017-6423 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm Kryo L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158.
|
|||||
| CVE-2017-6371 | 1 Synchro | 1 Bbs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.
|
|||||
| CVE-2017-6227 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
|
|||||
| CVE-2017-6158 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses.
|
|||||
| CVE-2017-6156 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 6.0 MEDIUM | 6.4 MEDIUM |
|
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate phase 1 of the IPSec exchange to exploit this vulnerability; in many environments this limits the attack surface to other endpoints under the same administration.
|
|||||
| CVE-2017-6155 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.
|
|||||
| CVE-2017-5947 | 1 Oneplus | 7 Oneplus 2, Oneplus 3, Oneplus 3t and 4 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader.
|
|||||
| CVE-2017-5829 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
|
|||||
| CVE-2017-5826 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
|
|||||
| CVE-2017-5825 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
|
|||||
| CVE-2017-5824 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
|
|||||
| CVE-2017-5823 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5822 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5821 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5820 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
|
|||||
| CVE-2017-5813 | 1 Hp | 1 Network Automation | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
|
A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.
|
|||||
| CVE-2017-5787 | 1 Hp | 1 Version Control Repository Manager | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found.
|
|||||
| CVE-2017-5786 | 1 Hp | 12 Officeconnect 1820 24g Poe+ (185w) Switch J9983a, Officeconnect 1820 24g Poe+ (185w) Switch J9983a Firmware, Officeconnect 1820 24g Switch J9980a and 9 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14
|
|||||