Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1835 | 1 Apache | 1 Cordova | 2017-11-16 | 2.6 LOW | 5.3 MEDIUM |
| Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. | |||||
| CVE-2016-1563 | 1 Netapp | 1 Clustered Data Ontap | 2017-11-16 | 5.8 MEDIUM | 6.8 MEDIUM |
| NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-6141 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2017-11-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default. | |||||
| CVE-2017-14696 | 1 Saltstack | 1 Salt | 2017-11-15 | 5.0 MEDIUM | 7.5 HIGH |
| SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | |||||
| CVE-2013-3609 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2017-11-15 | 10.0 HIGH | N/A |
| The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. | |||||
| CVE-2014-0095 | 1 Apache | 1 Tomcat | 2017-11-15 | 5.0 MEDIUM | N/A |
| java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing. | |||||
| CVE-2013-3608 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2017-11-15 | 10.0 HIGH | N/A |
| The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. | |||||
| CVE-2017-15879 | 1 Keystonejs | 1 Keystone | 2017-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | |||||
| CVE-2017-8994 | 1 Hp | 1 Operations Orchestration | 2017-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. | |||||
| CVE-2017-2132 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2017-11-08 | 6.4 MEDIUM | 7.5 HIGH |
| Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. | |||||
| CVE-2014-9678 | 1 Flowpaper | 1 Flexpaper | 2017-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter. | |||||
| CVE-2014-9733 | 1 Nwjs | 1 Nw.js | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2017-3759 | 1 Lenovo | 1 Service Framework | 2017-11-08 | 6.8 MEDIUM | 8.1 HIGH |
| The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
| CVE-2013-6049 | 2 Apt-listbugs Project, Debian | 2 Apt-listbugs, Debian Linux | 2017-11-08 | 4.6 MEDIUM | 7.8 HIGH |
| apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-8218 | 1 Cloudfoundry | 2 Cf-release, Routing-release | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue. | |||||
| CVE-2015-2754 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2017-11-08 | 6.8 MEDIUM | N/A |
| FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." | |||||
| CVE-2017-15185 | 1 Libmp3splt Project | 1 Libmp3splt | 2017-11-05 | 4.3 MEDIUM | 5.0 MEDIUM |
| plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2015-8215 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 5.0 MEDIUM | N/A |
| net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. | |||||
| CVE-2016-10024 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-11-04 | 4.9 MEDIUM | 6.0 MEDIUM |
| Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | |||||
| CVE-2017-10918 | 1 Xen | 1 Xen | 2017-11-04 | 10.0 HIGH | 10.0 CRITICAL |
| Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222. | |||||