Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15192 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. | |||||
| CVE-2017-15300 | 1 Ewbf | 1 Cuda Zcash Miner | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port. | |||||
| CVE-2017-15387 | 2 Debian, Google | 2 Debian Linux, Chrome | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. | |||||
| CVE-2017-1539 | 1 Ibm | 1 Business Process Manager | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807. | |||||
| CVE-2017-15391 | 2 Debian, Google | 2 Debian Linux, Chrome | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. | |||||
| CVE-2017-15524 | 1 Kemptechnologies | 1 Web Application Firewall | 2019-10-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | |||||
| CVE-2017-15619 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file. | |||||
| CVE-2017-15621 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file. | |||||
| CVE-2017-15623 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file. | |||||
| CVE-2017-15627 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file. | |||||
| CVE-2017-15629 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file. | |||||
| CVE-2017-15632 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file. | |||||
| CVE-2017-15634 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file. | |||||
| CVE-2017-15636 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file. | |||||
| CVE-2017-15638 | 2 Opensuse, Suse | 5 Leap, Linux Enterprise Desktop, Linux Enterprise Server and 2 more | 2019-10-02 | 6.4 MEDIUM | 6.5 MEDIUM |
| The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. | |||||
| CVE-2017-15841 | 1 Qualcomm | 32 Sd 410, Sd 410 Firmware, Sd 412 and 29 more | 2019-10-02 | 4.9 MEDIUM | 5.5 MEDIUM |
| When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016. | |||||
| CVE-2017-15864 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2019-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. | |||||
| CVE-2017-16523 | 1 Mitrastar | 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. | |||||
| CVE-2017-1612 | 1 Ibm | 1 Websphere Mq | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. | |||||
| CVE-2017-5022 | 1 Google | 1 Chrome | 2019-10-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||