Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5419 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.
|
|||||
| CVE-2017-5391 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.
|
|||||
| CVE-2017-4945 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
|
|||||
| CVE-2017-3960 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 6.5 MEDIUM | 5.9 MEDIUM |
|
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
|
|||||
| CVE-2017-3718 | 1 Intel | 29 Compute Card Cd1iv128mk, Compute Card Cd1m3128mk, Compute Card Cd1p64gk and 26 more | 2024-11-21 | 4.6 MEDIUM | 6.2 MEDIUM |
|
Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access.
|
|||||
| CVE-2017-3160 | 1 Apache | 1 Cordova | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher ...
Show More |
|||||
| CVE-2017-3143 | 3 Debian, Isc, Redhat | 8 Debian Linux, Bind, Enterprise Linux Desktop and 5 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
|
|||||
| CVE-2017-2874 | 1 Foscam | 2 C1, C1 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication.
|
|||||
| CVE-2017-2839 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
|
|||||
| CVE-2017-2825 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
|
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
|
|||||
| CVE-2017-2747 | 1 Hp | 44 110, 110 Firmware, 310 and 41 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails gene ...
Show More |
|||||
| CVE-2017-2742 | 1 Hp | 1 Web Jetadmin | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service.
|
|||||
| CVE-2017-2741 | 1 Hp | 76 D3q15a, D3q15a Firmware, D3q15b and 73 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
|
|||||
| CVE-2017-2740 | 1 Hp | 1 Thinpro | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.
|
|||||
| CVE-2017-2664 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
|
|||||
| CVE-2017-2663 | 1 Redhat | 1 Subscription-manager | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
|
It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.
|
|||||
| CVE-2017-2650 | 1 Jenkins | 1 Pipeline Classpath Step | 2024-11-21 | 6.0 MEDIUM | 8.5 HIGH |
|
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.
|
|||||
| CVE-2017-2628 | 2 Haxx, Redhat | 4 Curl, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.
|
|||||
| CVE-2017-2602 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
|
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
|
|||||
| CVE-2017-2589 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2024-11-21 | 6.0 MEDIUM | 8.7 HIGH |
|
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
|
|||||
| CVE-2017-2375 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud.
|
|||||
| CVE-2017-2293 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
|
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.
|
|||||
| CVE-2017-20179 | 1 Instedd | 1 Pollit | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The patch is named 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507.
|
|||||
| CVE-2017-20178 | 1 Codiad | 1 Codiad | 2024-11-21 | 2.1 LOW | 3.1 LOW |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee ...
Show More |
|||||
| CVE-2017-20112 | 1 Ivpn | 1 Ivpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20111 | 1 Calabrio | 1 Teleopti Workforce Management | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2017-20110 | 1 Calabrio | 1 Teleopti Workforce Management | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2017-20038 | 1 Sicunet | 1 Access Control | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely.
|
|||||
| CVE-2017-20037 | 1 Sicunet | 1 Access Control | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.
|
|||||
| CVE-2017-20031 | 1 Phplist | 1 Phplist | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20025 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20024 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20023 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20019 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20007 | 1 Ingeteam | 2 Ingepac Da Au, Ingepac Da Au Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device´s web service could exploit this vulnerability in order to obtain different configuration files.
|
|||||
| CVE-2017-1788 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031.
|
|||||
| CVE-2017-1755 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 4.6 MEDIUM | 6.5 MEDIUM |
|
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855.
|
|||||
| CVE-2017-1731 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.
|
|||||
| CVE-2017-1714 | 1 Ibm | 2 Client Application Access, Notes | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
|
|||||
| CVE-2017-1692 | 1 Ibm | 1 Aix | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.
|
|||||