Vulnerabilities (CVE)

Filtered by CWE-200
Total 6955 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15583 1 Abb 2 Fox515t, Fox515t Firmware 2017-11-08 5.0 MEDIUM 6.5 MEDIUM
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
CVE-2017-14327 1 Extremenetworks 1 Extremexos 2017-11-08 4.9 MEDIUM 4.4 MEDIUM
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.
CVE-2017-13127 3 Apple, Google, Vip 3 Iphone Os, Android, Vip 2017-11-08 6.8 MEDIUM 8.1 HIGH
The VIP.com application for iOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack.
CVE-2015-3400 1 Zfsonlinux 1 Zfs 2017-11-08 3.5 LOW 4.3 MEDIUM
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
CVE-2015-4171 3 Canonical, Debian, Strongswan 4 Ubuntu Linux, Debian Linux, Strongswan and 1 more 2017-11-07 2.6 LOW N/A
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
CVE-2015-6668 1 Wp-jobmanager 1 Job Manager 2017-11-07 5.0 MEDIUM 7.5 HIGH
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.
CVE-2017-14603 1 Digium 2 Asterisk, Certified Asterisk 2017-11-05 5.0 MEDIUM 7.5 HIGH
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
CVE-2017-14943 1 Trapezegroup 1 Transitmaster 2017-11-05 5.0 MEDIUM 7.5 HIGH
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the "webwatch.(REDACTED).com" server mentioned in the reference.
CVE-2015-6918 1 Saltstack 1 Salt 2015 2017-11-05 3.5 LOW 6.3 MEDIUM
salt before 2015.5.5 leaks git usernames and passwords to the log.
CVE-2017-15236 1 Tiandy 2 Tiandy Ip Camera, Tiandy Ip Camera Firmware 2017-11-05 5.0 MEDIUM 7.5 HIGH
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
CVE-2017-10916 1 Xen 1 Xen 2017-11-03 5.0 MEDIUM 7.5 HIGH
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
CVE-2016-8405 1 Linux 1 Linux Kernel 2017-11-03 4.3 MEDIUM 4.7 MEDIUM
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.
CVE-2016-9932 1 Xen 1 Xen 2017-11-03 2.1 LOW 3.3 LOW
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
CVE-2015-8569 1 Linux 1 Linux Kernel 2017-11-03 1.9 LOW 2.3 LOW
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8575 1 Linux 1 Linux Kernel 2017-11-03 2.1 LOW 4.0 MEDIUM
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2017-14099 1 Digium 2 Asterisk, Certified Asterisk 2017-11-03 5.0 MEDIUM 7.5 HIGH
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.
CVE-2017-9605 1 Linux 1 Linux Kernel 2017-11-03 4.9 MEDIUM 5.5 MEDIUM
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.
CVE-2014-5270 2 Debian, Gnupg 2 Debian Linux, Libgcrypt 2017-11-03 2.1 LOW N/A
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
CVE-2017-12849 1 Silverstripe 1 Silverstripe 2017-11-03 5.0 MEDIUM 5.3 MEDIUM
Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
CVE-2017-11776 1 Microsoft 1 Outlook 2017-11-03 5.0 MEDIUM 7.5 HIGH
Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."