Total
31890 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5824 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | |||||
CVE-2017-5823 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
CVE-2017-5822 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
CVE-2017-5821 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
CVE-2017-5820 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
CVE-2017-5813 | 1 Hp | 1 Network Automation | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||||
CVE-2017-5802 | 1 Hp | 1 Vertica | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found. | |||||
CVE-2017-5787 | 1 Hp | 1 Version Control Repository Manager | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found. | |||||
CVE-2017-5786 | 1 Hp | 12 Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a, Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Firmware, Officeconnect 1820 24g Switch J9980a and 9 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14 | |||||
CVE-2017-5455 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. | |||||
CVE-2017-5419 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
CVE-2017-5391 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51. | |||||
CVE-2017-5390 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||||
CVE-2017-5386 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. | |||||
CVE-2017-4945 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. | |||||
CVE-2017-3960 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 6.5 MEDIUM | 5.9 MEDIUM |
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. | |||||
CVE-2017-3718 | 1 Intel | 29 Compute Card Cd1iv128mk, Compute Card Cd1m3128mk, Compute Card Cd1p64gk and 26 more | 2024-11-21 | 4.6 MEDIUM | 6.2 MEDIUM |
Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
CVE-2017-3160 | 1 Apache | 1 Cordova | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip | |||||
CVE-2017-3143 | 3 Debian, Isc, Redhat | 8 Debian Linux, Bind, Enterprise Linux Desktop and 5 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. | |||||
CVE-2017-2874 | 1 Foscam | 2 C1, C1 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. |