Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14202 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | |||||
| CVE-2017-14201 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | |||||
| CVE-2017-14199 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0. | |||||
| CVE-2017-14191 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. | |||||
| CVE-2017-14190 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. | |||||
| CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.2 HIGH | 6.2 MEDIUM |
| A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | |||||
| CVE-2017-14185 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. | |||||
| CVE-2017-14179 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | |||||
| CVE-2017-14178 | 1 Snapcraft | 1 Snapd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions. | |||||
| CVE-2017-14177 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | |||||
| CVE-2017-14097 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system. | |||||
| CVE-2017-14096 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | |||||
| CVE-2017-14095 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | |||||
| CVE-2017-14094 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | |||||
| CVE-2017-14082 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system. | |||||
| CVE-2017-14030 | 1 Moxa | 1 Mxview | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. | |||||
| CVE-2017-14026 | 1 Iceqube | 2 Thermal Management Center, Thermal Management Center Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. | |||||
| CVE-2017-14014 | 1 Bostonscientific | 2 Zoom Latitude Prm 3120, Zoom Latitude Prm 3120 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2017-14012 | 1 Bostonscientific | 2 Zoom Latitude Prm 3120, Zoom Latitude Prm 3120 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2017-14010 | 2 Microsoft, Spidercontrol | 6 Windows 10, Windows 7, Windows 8 and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. | |||||