Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5965 | 1 Sitecore | 1 Crm | 2019-10-02 | 6.5 MEDIUM | 6.7 MEDIUM |
| The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file. | |||||
| CVE-2017-6005 | 1 Waves | 1 Maxxaudio | 2019-10-02 | 6.9 MEDIUM | 7.0 HIGH |
| Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. | |||||
| CVE-2017-6128 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 18 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. | |||||
| CVE-2017-6137 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. | |||||
| CVE-2017-6147 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. | |||||
| CVE-2017-6151 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM. | |||||
| CVE-2017-6155 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 8 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. | |||||
| CVE-2017-6156 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-10-02 | 6.0 MEDIUM | 6.4 MEDIUM |
| When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration. | |||||
| CVE-2017-6157 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2019-10-02 | 6.8 MEDIUM | 8.1 HIGH |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. | |||||
| CVE-2017-6158 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-10-02 | 6.4 MEDIUM | 6.5 MEDIUM |
| In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses. | |||||
| CVE-2017-6159 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic. | |||||
| CVE-2017-6160 | 1 F5 | 2 Big-ip Application Acceleration Manager, Big-ip Policy Enforcement Manager | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable. | |||||
| CVE-2017-6205 | 1 Dlink | 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. | |||||
| CVE-2017-6247 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process in the kernel. Product: Android. Versions: N/A. Android ID: A-34386301. References: N-CVE-2017-6247. | |||||
| CVE-2017-6248 | 1 Google | 1 Android | 2019-10-02 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34372667. References: N-CVE-2017-6248. | |||||
| CVE-2017-6249 | 1 Google | 1 Android | 2019-10-02 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249. | |||||
| CVE-2017-6250 | 1 Nvidia | 1 Geforce Experience | 2019-10-02 | 4.6 MEDIUM | 8.8 HIGH |
| NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. | |||||
| CVE-2017-6324 | 1 Symantec | 1 Messaging Gateway | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
| The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. | |||||
| CVE-2017-6326 | 1 Symantec | 1 Messaging Gateway | 2019-10-02 | 10.0 HIGH | 10.0 CRITICAL |
| The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | |||||
| CVE-2017-6330 | 1 Symantec | 1 Encryption Desktop | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests." | |||||