Total
247235 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0903 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. | |||||
CVE-2017-1181 | 1 Ibm | 1 Tivoli Monitoring | 2023-12-10 | 1.9 LOW | 7.0 HIGH |
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. | |||||
CVE-2017-8254 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | |||||
CVE-2017-6777 | 1 Cisco | 1 Elastic Services Controller | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2). | |||||
CVE-2017-6018 | 1 Bbraun | 2 Spacestation, Station Firmware | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input. | |||||
CVE-2017-1727 | 1 Ibm | 1 Security Key Lifecycle Manager | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. | |||||
CVE-2017-9418 | 1 Goldplugins | 1 Testimonials Plugin Easy Testimonials | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | |||||
CVE-2017-12427 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function. | |||||
CVE-2015-6502 | 1 Puppet | 1 Puppet Enterprise | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. | |||||
CVE-2017-9439 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2017-12704 | 1 Advantech | 1 Webaccess | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | |||||
CVE-2017-13738 | 1 Liblouis | 1 Liblouis | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. | |||||
CVE-2017-8267 | 1 Google | 1 Android | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. | |||||
CVE-2017-15748 | 1 Irfanview | 2 Cadimage, Irfanview | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADIMAGE+0x000000000000613a." | |||||
CVE-2017-11002 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. | |||||
CVE-2017-1326 | 1 Ibm | 1 Sterling B2b Integrator | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. | |||||
CVE-2017-12847 | 1 Nagios | 1 Nagios | 2023-12-10 | 6.3 MEDIUM | 6.3 MEDIUM |
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | |||||
CVE-2017-5868 | 1 Openvpn | 1 Openvpn Access Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/. | |||||
CVE-2017-12283 | 1 Cisco | 4 Aironet 3800 Firmware, Aironet 3800e, Aironet 3800i and 1 more | 2023-12-10 | 2.9 LOW | 6.1 MEDIUM |
A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PAF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627. | |||||
CVE-2015-1526 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. |