Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8900 | 2 Canonical, Lightdm Project | 2 Ubuntu Linux, Lightdm | 2019-10-02 | 2.1 LOW | 4.6 MEDIUM |
| LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session. | |||||
| CVE-2017-8903 | 1 Xen | 1 Xen | 2019-10-02 | 7.2 HIGH | 8.8 HIGH |
| Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. | |||||
| CVE-2017-8904 | 1 Xen | 1 Xen | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214. | |||||
| CVE-2017-8914 | 1 Sap | 1 Hana Xs | 2019-10-02 | 7.5 HIGH | 8.3 HIGH |
| sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. | |||||
| CVE-2017-8931 | 1 Bitdefender | 1 Gravityzone | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors. | |||||
| CVE-2017-8948 | 1 Hp | 1 Network Node Manager I | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found. | |||||
| CVE-2017-8949 | 1 Hp | 1 Sitescope | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
| A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | |||||
| CVE-2017-8959 | 1 Hp | 4 Msa 1040 San Storage, Msa 1040 San Storage Firmware, Msa 2040 San Storage and 1 more | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier was found. | |||||
| CVE-2017-8960 | 1 Hp | 4 Msa 1040 San Storage, Msa 1040 San Storage Firmware, Msa 2040 San Storage and 1 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage in version GL220P008 and earlier was found. | |||||
| CVE-2017-8968 | 1 Hp | 1 Restful Interface Tool | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions. | |||||
| CVE-2017-8974 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2019-10-02 | 3.6 LOW | 4.4 MEDIUM |
| A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found. | |||||
| CVE-2017-8979 | 1 Hp | 2 Integrated Lights-out, Integrated Lights-out 2 Firmware | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. | |||||
| CVE-2017-8982 | 1 Hp | 1 Intelligent Management Center | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. | |||||
| CVE-2017-8987 | 1 Hp | 2 Integrated Lights-out, Integrated Lights-out 3 Firmware | 2019-10-02 | 7.8 HIGH | 8.6 HIGH |
| An Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions. | |||||
| CVE-2017-8988 | 1 Hp | 1 Xp Command View | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software earlier than 8.5.3-00. The vulnerability impacts DevMgr earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX). | |||||
| CVE-2017-8992 | 1 Hp | 1 Centralview Fraud Risk Management | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2017-9001 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2019-10-02 | 9.3 HIGH | 8.1 HIGH |
| Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable. | |||||
| CVE-2017-9023 | 1 Strongswan | 1 Strongswan | 2019-10-02 | 4.3 MEDIUM | 7.5 HIGH |
| The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | |||||
| CVE-2017-9317 | 1 Dahuasecurity | 12 Ipc-hdbw4xxx, Ipc-hdbw4xxx Firmware, Ipc-hdbw5xxx and 9 more | 2019-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Privilege escalation vulnerability found in some Dahua IP devices. An attacker in possession of a low-privilege account can gain access to credential information of a high-privilege account and further obtain device information or attack the device. | |||||
| CVE-2017-9273 | 1 Microfocus | 2 Bi-directional Driver, Identity Manager | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. | |||||
