Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1755 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2019-10-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855. | |||||
| CVE-2017-2342 | 1 Juniper | 2 Junos, Srx300 | 2019-10-09 | 4.3 MEDIUM | 8.1 HIGH |
| MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series. | |||||
| CVE-2017-1350 | 1 Ibm | 1 Infosphere Information Server | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. | |||||
| CVE-2017-2346 | 1 Juniper | 2 Junos, Mx | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with ALGs enabled. This issue was caused by the code change for PR 1182910 in Junos OS 14.1X55-D30, 14.1X55-D35, 14.2R7, 15.1R5, and 16.1R2. No other versions of Junos OS and no other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS on MX platforms running: 14.1X55 from 14.1X55-D30 to releases prior to 14.1X55-D35; 14.2R from 14.2R7 to releases prior to 14.2R7-S4, 14.2R8; 15.1R from 15.1R5 to releases prior to 15.1R5-S2, 15.1R6; 16.1R from 16.1R2 to releases prior to 16.1R3-S2, 16.1R4. | |||||
| CVE-2017-2589 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2019-10-09 | 6.0 MEDIUM | 9.0 CRITICAL |
| It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | |||||
| CVE-2017-1788 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031. | |||||
| CVE-2017-2602 | 1 Jenkins | 1 Jenkins | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358). | |||||
| CVE-2017-15107 | 1 Thekelleys | 1 Dnsmasq | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. | |||||
| CVE-2017-15891 | 1 Synology | 1 Calendar | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | |||||
| CVE-2017-16207 | 1 Discordi.js Project | 1 Discordi.js | 2019-10-09 | 5.0 MEDIUM | 7.3 HIGH |
| discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin. | |||||
| CVE-2017-16030 | 1 Useragent Project | 1 Useragent | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier. | |||||
| CVE-2017-15136 | 1 Redhat | 1 Satellite | 2019-10-09 | 4.0 MEDIUM | 2.7 LOW |
| When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates. | |||||
| CVE-2017-16088 | 1 Safe-eval Project | 1 Safe-eval | 2019-10-09 | 10.0 HIGH | 10.0 CRITICAL |
| The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. | |||||
| CVE-2017-16007 | 1 Cisco | 1 Node-jose | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used. | |||||
| CVE-2017-12362 | 1 Cisco | 1 Meeting Server | 2019-10-09 | 7.8 HIGH | 6.5 MEDIUM |
| A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931. | |||||
| CVE-2017-14361 | 1 Microfocus | 1 Project And Portfolio Management | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. | |||||
| CVE-2017-12353 | 1 Cisco | 1 Asyncos | 2019-10-09 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666. | |||||
| CVE-2017-12711 | 1 Advantech | 1 Webaccess | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. | |||||
| CVE-2017-12360 | 1 Cisco | 1 Webex Meeting Center | 2019-10-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301. | |||||
| CVE-2017-12238 | 1 Cisco | 1 Ios | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927. | |||||