CVE Daily
← All years

Uncategorized 2017

Page 2/20.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2017-11-21
High

CVE-2017-5708

Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2017-15044

The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access con…

CVSS: 8.8CWE: N/A
Read more
2017-11-20
Critical

CVE-2017-11401

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an a…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-6804

The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated pr…

CVSS: 7.8CWE: CWE-264
Read more
2017-11-17
Medium

CVE-2017-1000168

sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys

CVSS: 6.5CWE: N/A
Read more
Critical

CVE-2017-1000192

Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2017-16875

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection wi…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2017-1000212

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are the…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2017-1000197

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.

CVSS: 9.8CWE: CWE-417
Read more
2017-11-16
High

CVE-2017-0865

An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0864

An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0863

An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0862

An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2017-0860

An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064.

CVSS: 5.3CWE: N/A
Read more
High

CVE-2017-0859

Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2017-0853

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644.

CVSS: 9.1CWE: N/A
Read more
High

CVE-2017-0843

An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0838

An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0835

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0833

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0832

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-9702

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-11073

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-11038

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying diffe…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-11023

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in acc…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-4932

VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Su…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2017-16867

Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house f…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2017-15864

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2017-12318

A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or vi…

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2017-12311

A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it rec…

CVSS: 5.8CWE: CWE-399
Read more
Medium

CVE-2017-12306

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability…

CVSS: 4.4CWE: CWE-16
Read more
2017-11-15
Critical

CVE-2017-5533

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2014-3150

Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.

CVSS: 8.8CWE: CWE-254
Read more
High

CVE-2017-15923

Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2017-8812

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

CVSS: 5.3CWE: N/A
Read more
High

CVE-2017-8700

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Infor…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2017-11883

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Deni…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2017-11877

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibi…

CVSS: 5.5CWE: N/A
Read more
Low

CVE-2017-11874

Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to…

CVSS: 3.1CWE: N/A
Read more
Medium

CVE-2017-11872

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the atta…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2017-11847

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Ser…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-11788

Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows se…

CVSS: 7.5CWE: N/A
Read more
2017-11-14
High

CVE-2017-10278

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vul…

CVSS: 7.0CWE: N/A
Read more
Critical

CVE-2017-10272

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerabi…

CVSS: 9.9CWE: N/A
Read more
Critical

CVE-2017-10269

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerabi…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2017-16239

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filte…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2017-12624

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS)…

CVSS: 5.5CWE: N/A
Read more
2017-11-13
Critical

CVE-2017-1710

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2017-15525

Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine o…

CVSS: 4.5CWE: N/A
Read more
High

CVE-2017-3767

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute co…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-11169

Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified priv…

CVSS: 8.8CWE: N/A
Read more
Critical

CVE-2017-13846

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial o…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2017-13832

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2017-13828

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text.

CVSS: 5.5CWE: N/A
Read more
Critical

CVE-2017-13815

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial o…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2017-13786

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryptio…

CVSS: 4.6CWE: N/A
Read more
2017-11-10
Critical

CVE-2017-16764

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulti…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2017-16763

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load fun…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2017-16521

In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2017-16249

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2017-15638

The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and S…

CVSS: 6.5CWE: N/A
Read more
2017-11-09
High

CVE-2017-16674

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command…

CVSS: 8.0CWE: N/A
Read more
2017-11-08
Critical

CVE-2017-16618

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python c…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2017-16616

An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2017-16615

An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser…

CVSS: 9.8CWE: N/A
Read more
2017-11-07
Medium

CVE-2017-16644

The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or poss…

CVSS: 6.6CWE: CWE-388
Read more
Critical

CVE-2016-0872

A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.

CVSS: 9.8CWE: CWE-255
Read more
High

CVE-2017-2915

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell comm…

CVSS: 8.0CWE: N/A
Read more
High

CVE-2017-2883

An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code…

CVSS: 8.1CWE: N/A
Read more
High

CVE-2017-2882

An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive fil…

CVSS: 8.1CWE: N/A
Read more
High

CVE-2017-2881

An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-suppli…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2017-2865

An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An at…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2017-12085

An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An atta…

CVSS: 9.0CWE: N/A
Read more
2017-11-06
High

CVE-2017-6331

Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that…

CVSS: 7.1CWE: N/A
Read more
High

CVE-2017-13681

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources t…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2017-13680

Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on t…

CVSS: 5.5CWE: N/A
Read more
2017-11-03
Critical

CVE-2017-1000152

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2017-1000145

Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disa…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2017-1000142

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.

CVSS: 6.5CWE: N/A
Read more
Critical

CVE-2017-16523

MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.

CVSS: 9.8CWE: N/A
Read more
2017-11-02
High

CVE-2017-12261

A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated…

CVSS: 7.8CWE: CWE-264
Read more
2017-11-01
Critical

CVE-2017-15535

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enab…

CVSS: 9.1CWE: N/A
Read more
2017-10-30
Critical

CVE-2017-10151

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily ex…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2014-0073

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 throug…

CVSS: 9.8CWE: CWE-264
Read more
High

CVE-2012-0881

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2015-0224

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplet…

CVSS: 7.5CWE: CWE-19
Read more
Critical

CVE-2012-5358

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrar…

CVSS: 9.8CWE: CWE-19
Read more
Critical

CVE-2012-5357

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE…

CVSS: 9.8CWE: CWE-19
Read more
2017-10-29
Critical

CVE-2017-16228

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2006-5331

The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually…

CVSS: 5.5CWE: CWE-19
Read more
2017-10-27
Medium

CVE-2017-6160

In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (…

CVSS: 5.9CWE: N/A
Read more
Medium

CVE-2017-6159

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP o…

CVSS: 5.9CWE: N/A
Read more
High

CVE-2017-6157

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration…

CVSS: 8.1CWE: N/A
Read more
Medium

CVE-2017-5120

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potent…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2017-5101

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

CVSS: 6.5CWE: N/A
Read more
High

CVE-2017-5078

Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a…

CVSS: 8.8CWE: N/A
Read more
2017-10-26
Critical

CVE-2012-1622

Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2017-3771

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.

CVSS: 7.5CWE: N/A
Read more
2017-10-24
Medium

CVE-2017-1212

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852.

CVSS: 6.5CWE: N/A
Read more
High

CVE-2016-10517

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack…

CVSS: 7.4CWE: CWE-254
Read more
Medium

CVE-2013-3734

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive…

CVSS: 6.6CWE: CWE-255
Read more
2017-10-23
Medium

CVE-2011-2683

reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-…

CVSS: 5.9CWE: CWE-254
Read more
High

CVE-2017-15567

The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-15377

In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engi…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2017-14332

Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.

CVSS: 8.1CWE: N/A
Read more
Medium

CVE-2017-14331

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.

CVSS: 6.7CWE: N/A
Read more
High

CVE-2017-7149

An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APF…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2017-7145

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location dat…

CVSS: 5.3CWE: CWE-275
Read more
Medium

CVE-2017-7144

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Priva…

CVSS: 4.3CWE: CWE-275
Read more
Medium

CVE-2017-7088

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic cir…

CVSS: 5.9CWE: CWE-275
Read more
Low

CVE-2017-7084

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in o…

CVSS: 3.7CWE: N/A
Read more
2017-10-22
High

CVE-2015-5699

The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.

CVSS: 7.8CWE: CWE-264
Read more
2017-10-20
Critical

CVE-2011-1935

pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding…

CVSS: 9.8CWE: N/A
Read more
2017-10-19
High

CVE-2017-3588

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerabilit…

CVSS: 7.3CWE: N/A
Read more
High

CVE-2017-3446

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3445

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3444

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2…

CVSS: 8.2CWE: N/A
Read more
Medium

CVE-2017-10428

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2017-10427

Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.11, 6.5.11, 7.0.6, 7.1.6…

CVSS: 6.5CWE: N/A
Read more
>