Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16088 | 1 Safe-eval Project | 1 Safe-eval | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
|
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.
|
|||||
| CVE-2017-16046 | 1 Mariadb | 1 Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16030 | 1 Useragent Project | 1 Useragent | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
|
|||||
| CVE-2017-16007 | 1 Cisco | 1 Node-jose | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
|
|||||
| CVE-2017-15914 | 1 Borgbackup | 1 Borg | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3.
|
|||||
| CVE-2017-15841 | 1 Qualcomm | 32 Sd 410, Sd 410 Firmware, Sd 412 and 29 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.
|
|||||
| CVE-2017-15718 | 1 Apache | 1 Hadoop | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
|
|||||
| CVE-2017-15637 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.
|
|||||
| CVE-2017-15636 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.
|
|||||
| CVE-2017-15635 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.
|
|||||
| CVE-2017-15634 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
|
|||||
| CVE-2017-15633 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
|
|||||
| CVE-2017-15632 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
|
|||||
| CVE-2017-15631 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15630 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15629 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15628 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.
|
|||||
| CVE-2017-15627 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15626 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.
|
|||||
| CVE-2017-15625 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15624 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.
|
|||||
| CVE-2017-15623 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.
|
|||||
| CVE-2017-15622 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15621 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.
|
|||||
| CVE-2017-15620 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.
|
|||||
| CVE-2017-15619 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15618 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15617 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.
|
|||||
| CVE-2017-15616 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.
|
|||||
| CVE-2017-15615 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15614 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.
|
|||||
| CVE-2017-15613 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.
|
|||||
| CVE-2017-15430 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
|
|||||
| CVE-2017-15391 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
|
|||||
| CVE-2017-15387 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
|
|||||
| CVE-2017-15365 | 3 Fedoraproject, Mariadb, Percona | 3 Fedora, Mariadb, Xtradb Cluster | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
|
|||||
| CVE-2017-15340 | 1 Huawei | 2 Tag-al00, Tag-al00 Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure.
|
|||||
| CVE-2017-15136 | 1 Redhat | 1 Satellite | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.
|
|||||
| CVE-2017-15130 | 3 Canonical, Debian, Dovecot | 3 Ubuntu Linux, Debian Linux, Dovecot | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
|
|||||
| CVE-2017-15127 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
|
|||||