Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7835 | 1 Mozilla | 1 Firefox | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
| Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57. | |||||
| CVE-2017-7972 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2019-10-02 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. | |||||
| CVE-2017-7893 | 1 Saltstack | 1 Salt | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. | |||||
| CVE-2017-7894 | 1 Windjview Project | 1 Windjview | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a "User Mode Write AV near NULL" in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several user-defined commands. | |||||
| CVE-2017-7970 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2019-10-02 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. | |||||
| CVE-2017-7999 | 1 Eucalyptus | 1 Eucalyptus | 2019-10-02 | 3.5 LOW | 6.5 MEDIUM |
| Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. | |||||
| CVE-2017-8038 | 1 Pivotal Software | 1 Credhub-release | 2019-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation. | |||||
| CVE-2017-8050 | 1 Tenable | 1 Appliance | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | |||||
| CVE-2017-8166 | 1 Huawei | 2 Honor V9, Honor V9 Firmware | 2019-10-02 | 7.2 HIGH | 6.8 MEDIUM |
| Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone. | |||||
| CVE-2017-8173 | 1 Huawei | 12 Maya-l02, Maya-l02 Firmware, Vicky-al00a and 9 more | 2019-10-02 | 2.1 LOW | 4.6 MEDIUM |
| Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||
| CVE-2017-8176 | 1 Huawei | 2 Iptv Stb, Iptv Stb Firmware | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view channels by free. | |||||
| CVE-2017-8206 | 1 Huawei | 2 Honor 7 Lite, Honor 7 Lite Firmware | 2019-10-02 | 7.2 HIGH | 6.8 MEDIUM |
| HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily. | |||||
| CVE-2017-8215 | 1 Huawei | 18 Honor 8, Honor 8 Firmware, Honor 9 and 15 more | 2019-10-02 | 7.2 HIGH | 6.2 MEDIUM |
| Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. | |||||
| CVE-2017-8235 | 1 Google | 1 Android | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. | |||||
| CVE-2017-8274 | 1 Qualcomm | 24 Mdm9206, Mdm9206 Firmware, Mdm9607 and 21 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, an access control vulnerability exists in Core. | |||||
| CVE-2017-8261 | 1 Google | 1 Android | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. | |||||
| CVE-2017-8263 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. | |||||
| CVE-2017-8307 | 1 Avast | 1 Antivirus | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack. | |||||
| CVE-2017-8383 | 1 Craftcms | 1 Craft Cms | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. | |||||
| CVE-2017-8386 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. | |||||