Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15389 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2017-15386 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2017-15348 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. | |||||
| CVE-2017-15346 | 1 Huawei | 14 Ecns210 Td, Ecns210 Td Firmware, S12700 and 11 more | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. | |||||
| CVE-2017-15333 | 1 Huawei | 14 Ecns210 Td, Ecns210 Td Firmware, S12700 and 11 more | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. | |||||
| CVE-2017-15137 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed. | |||||
| CVE-2017-15136 | 1 Redhat | 1 Satellite | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates. | |||||
| CVE-2017-15124 | 1 Qemu | 1 Qemu | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. | |||||
| CVE-2017-15105 | 3 Canonical, Debian, Nlnetlabs | 3 Ubuntu Linux, Debian Linux, Unbound | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. | |||||
| CVE-2017-15093 | 1 Powerdns | 1 Recursor | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration. | |||||
| CVE-2017-15043 | 1 Sierrawireless | 20 Es440, Es440 Firmware, Es450 and 17 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system. | |||||
| CVE-2017-14913 | 1 Qualcomm | 12 Mdm9206, Mdm9206 Firmware, Sd 625 and 9 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated. | |||||
| CVE-2017-14892 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access. | |||||
| CVE-2017-14878 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service. | |||||
| CVE-2017-14804 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Software Development Kit | 2024-11-21 | 5.0 MEDIUM | 9.9 CRITICAL |
| The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | |||||
| CVE-2017-14439 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. | |||||
| CVE-2017-14438 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability. | |||||
| CVE-2017-13911 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2. | |||||
| CVE-2017-13891 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. | |||||
| CVE-2017-13890 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site. | |||||