Weekly Vulnerabilities Reports > February 12 to 18, 2018
Overview
524 new vulnerabilities were reported during this period, including 122 critical vulnerabilities and 100 high severity vulnerabilities. This weekly summary reports vulnerabilities in 480 products from 105 vendors including HP, Huawei, Microsoft, SAP, and Google. Vulnerabilities are notably categorized as "Improper Input Validation", "Information Exposure", "SQL Injection", "Cross-site Scripting", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 452 reported vulnerabilities are remotely exploitable.
- 76 reported vulnerabilities have a public exploit available.
- 126 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 353 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 184 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 99 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
122 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-02-15 | CVE-2017-8981 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found. | 10.0 |
2018-02-15 | CVE-2017-8976 | HP | Improper Input Validation vulnerability in HP Moonshot Provisioning Manager Appliance 1.20 A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | 10.0 |
2018-02-15 | CVE-2017-8975 | HP | Improper Input Validation vulnerability in HP Moonshot Provisioning Manager Appliance 1.20 A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | 10.0 |
2018-02-15 | CVE-2017-8957 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.2 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | 10.0 |
2018-02-15 | CVE-2017-8956 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 10.0 |
2018-02-15 | CVE-2017-8954 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.2 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | 10.0 |
2018-02-15 | CVE-2017-8948 | HP | Unspecified vulnerability in HP Network Node Manager I A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found. | 10.0 |
2018-02-15 | CVE-2017-8947 | HP | Path Traversal vulnerability in HP Ucmdb Configuration Manager A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found. | 10.0 |
2018-02-15 | CVE-2017-5824 | HP | Multiple Security vulnerability in ClearPass Policy Manager An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | 10.0 |
2018-02-15 | CVE-2017-5823 | HP | Unspecified vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 10.0 |
2018-02-15 | CVE-2017-5821 | HP | Unspecified vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 10.0 |
2018-02-15 | CVE-2017-5820 | HP | Unspecified vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 10.0 |
2018-02-15 | CVE-2017-5819 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 10.0 |
2018-02-15 | CVE-2017-5817 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 10.0 |
2018-02-15 | CVE-2017-5816 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 10.0 |
2018-02-15 | CVE-2017-5815 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 10.0 |
2018-02-15 | CVE-2017-5814 | HP | SQL Injection vulnerability in HP Network Automation A remote SQL injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | 10.0 |
2018-02-15 | CVE-2017-5807 | HP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Data Protector A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | 10.0 |
2018-02-15 | CVE-2017-5806 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.2 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | 10.0 |
2018-02-15 | CVE-2017-5805 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.2 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | 10.0 |
2018-02-15 | CVE-2017-5804 | HP | Integer Overflow or Wraparound vulnerability in HP Intelligent Management Center 7.2 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | 10.0 |
2018-02-15 | CVE-2017-5802 | HP | Remote Privilege Escalation vulnerability in HP Vertica Analytics Platform A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found. | 10.0 |
2018-02-15 | CVE-2017-5790 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.2 A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | 10.0 |
2018-02-15 | CVE-2017-12561 | HP | Access of Uninitialized Pointer vulnerability in HP Intelligent Management Center A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found. | 10.0 |
2018-02-15 | CVE-2017-12558 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | 10.0 |
2018-02-15 | CVE-2017-12557 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | 10.0 |
2018-02-15 | CVE-2017-12556 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | 10.0 |
2018-02-15 | CVE-2017-12542 | HP | Unspecified vulnerability in HP Integrated Lights-Out 4 Firmware An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. | 10.0 |
2018-02-15 | CVE-2016-8519 | HP | Deserialization of Untrusted Data vulnerability in HP Operations Orchestration A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. | 10.0 |
2018-02-13 | CVE-2018-6911 | Advantech | OS Command Injection vulnerability in Advantech Webaccess 8.3.0 The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). | 10.0 |
2018-02-13 | CVE-2018-6292 | Hyland | Unspecified vulnerability in Hyland Saperion web Client 7.5.2 Remote Code Execution in Saperion Web Client version 7.5.2 83166. | 10.0 |
2018-02-12 | CVE-2017-13229 | Google | Improper Input Validation vulnerability in Google Android A remote code execution vulnerability in the Android media framework (n/a). | 10.0 |
2018-02-16 | CVE-2018-7186 | Leptonica Debian | Out-of-bounds Write vulnerability in multiple products Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. | 9.8 |
2018-02-14 | CVE-2018-1287 | Apache | Unspecified vulnerability in Apache Jmeter In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. | 9.8 |
2018-02-13 | CVE-2018-1297 | Apache | Cleartext Transmission of Sensitive Information vulnerability in Apache Jmeter When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. | 9.8 |
2018-02-16 | CVE-2018-7187 | Golang Debian | OS Command Injection vulnerability in multiple products The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | 9.3 |
2018-02-15 | CVE-2017-8984 | HP | Unspecified vulnerability in HP Intelligent Management Center 7.3 A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found. | 9.3 |
2018-02-15 | CVE-2017-8958 | HP | Unspecified vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found. | 9.3 |
2018-02-15 | CVE-2017-5796 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP products A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found. | 9.3 |
2018-02-15 | CVE-2018-0866 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 9.3 |
2018-02-15 | CVE-2018-0861 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 9.3 |
2018-02-15 | CVE-2018-0858 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 9.3 |
2018-02-15 | CVE-2018-0852 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Office and Outlook Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 9.3 |
2018-02-15 | CVE-2018-0851 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Office, Office Word Viewer and Outlook Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 9.3 |
2018-02-15 | CVE-2018-0841 | Microsoft | Unspecified vulnerability in Microsoft Office 2016 Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability" | 9.3 |
2018-02-15 | CVE-2018-0840 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge and Internet Explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 9.3 |
2018-02-15 | CVE-2018-0834 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 9.3 |
2018-02-12 | CVE-2017-13230 | Google | Out-of-bounds Write vulnerability in Google Android In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. | 9.3 |
2018-02-12 | CVE-2017-13228 | Google | Out-of-bounds Write vulnerability in Google Android In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. | 9.3 |
2018-02-16 | CVE-2017-14535 | Netfortris | OS Command Injection vulnerability in Netfortris Trixbox 2.8.0.4 trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. | 9.0 |
2018-02-15 | CVE-2017-8983 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. | 9.0 |
2018-02-15 | CVE-2017-8967 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | 9.0 |
2018-02-15 | CVE-2017-8966 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | 9.0 |
2018-02-15 | CVE-2017-8965 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | 9.0 |
2018-02-15 | CVE-2017-8964 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | 9.0 |
2018-02-15 | CVE-2017-8963 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | 9.0 |
2018-02-15 | CVE-2017-8962 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | 9.0 |
2018-02-15 | CVE-2017-8961 | HP | Path Traversal vulnerability in HP Intelligent Management Center 7.3 A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution. | 9.0 |
2018-02-15 | CVE-2017-5794 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.2 A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | 9.0 |
2018-02-15 | CVE-2017-5793 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.2 A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | 9.0 |
2018-02-15 | CVE-2017-12554 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found. | 9.0 |
2018-02-15 | CVE-2017-12541 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12540 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12539 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12538 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12537 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12536 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12535 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12534 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12533 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12532 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12531 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12530 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12529 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12528 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12527 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12526 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12525 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12524 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12523 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12522 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12521 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12520 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12519 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12518 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12517 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12516 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12515 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12514 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12513 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12512 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12511 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12510 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12509 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12508 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12507 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12506 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12505 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12504 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12503 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12502 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12501 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12500 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12499 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12498 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12497 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12496 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12495 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12494 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12493 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12492 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12491 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12490 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12489 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12488 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2017-12487 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. | 9.0 |
2018-02-15 | CVE-2016-8523 | HP | Command Injection vulnerability in HP Smart Storage Administrator A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found. | 9.0 |
2018-02-14 | CVE-2017-6230 | Ruckuswireless | OS Command Injection vulnerability in Ruckuswireless products Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems. | 9.0 |
2018-02-14 | CVE-2017-6229 | Ruckuswireless | OS Command Injection vulnerability in Ruckuswireless products Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems. | 9.0 |
2018-02-13 | CVE-2018-1383 | IBM | Unspecified vulnerability in IBM AIX A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. | 9.0 |
2018-02-12 | CVE-2017-9970 | Schneider Electric | Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric Struxureon Gateway 1.1.3 A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. | 9.0 |
2018-02-12 | CVE-2018-6926 | Misp | OS Command Injection vulnerability in Misp 2.4.87 In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. | 9.0 |
100 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-02-12 | CVE-2016-5397 | Apache | Command Injection vulnerability in Apache Thrift The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. | 8.8 |
2018-02-15 | CVE-2017-8977 | HP | Improper Input Validation vulnerability in HP Moonshot Provisioning Manager Appliance 1.20 A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | 8.5 |
2018-02-14 | CVE-2018-2376 | SAP | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | 8.1 |
2018-02-14 | CVE-2018-2375 | SAP | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | 8.1 |
2018-02-15 | CVE-2017-8955 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.2 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | 7.8 |
2018-02-15 | CVE-2017-8944 | HP | Information Exposure vulnerability in HP Cloud Optimizer A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found. | 7.8 |
2018-02-15 | CVE-2017-5822 | HP | Unspecified vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 7.8 |
2018-02-15 | CVE-2017-5818 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | 7.8 |
2018-02-15 | CVE-2017-5811 | HP | Information Exposure vulnerability in HP Network Automation A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | 7.8 |
2018-02-15 | CVE-2017-5808 | HP | Improper Input Validation vulnerability in HP Data Protector A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | 7.8 |
2018-02-15 | CVE-2017-5803 | HP | Information Exposure vulnerability in HP Nonstop Server Software A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found. | 7.8 |
2018-02-15 | CVE-2017-5797 | HP | Information Exposure vulnerability in HP Intelligent Management Center 7.3 A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found. | 7.8 |
2018-02-15 | CVE-2017-12545 | HP, Linux, Microsoft | NULL Pointer Dereference vulnerability in HP System Management Homepage A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 7.8 |
2018-02-15 | CVE-2017-17300 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. | 7.8 |
2018-02-15 | CVE-2017-17165 | Huawei | Out-of-bounds Read vulnerability in Huawei products IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. | 7.8 |
2018-02-15 | CVE-2017-15348 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. | 7.8 |
2018-02-15 | CVE-2017-15344 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei Ar120-S Firmware, Ar1200 Firmware and Ar3200 Firmware Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. | 7.8 |
2018-02-15 | CVE-2017-15343 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei Ar120-S Firmware, Ar1200 Firmware and Ar3200 Firmware Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. | 7.8 |
2018-02-13 | CVE-2018-6954 | Systemd Project, Canonical, Opensuse | Link Following vulnerability in multiple products systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. | 7.8 |
2018-02-12 | CVE-2017-13232 | Google | Information Exposure vulnerability in Google Android In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. | 7.8 |
2018-02-15 | CVE-2017-8946 | HP | Remote Code Execution vulnerability in HP Aruba Airwave Glass 1.0.0/1.0.1 A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found. | 7.6 |
2018-02-15 | CVE-2018-0860 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2018-02-15 | CVE-2018-0859 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2018-02-15 | CVE-2018-0857 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2018-02-15 | CVE-2018-0856 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2018-02-15 | CVE-2018-0838 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2018-02-15 | CVE-2018-0837 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2018-02-15 | CVE-2018-0836 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2018-02-15 | CVE-2018-0835 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2018-02-15 | CVE-2018-0825 | Microsoft | Unspecified vulnerability in Microsoft products StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability". | 7.6 |
2018-02-18 | CVE-2018-6024 | Thethinkery | SQL Injection vulnerability in Thethinkery Project LOG 1.5.3 SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. | 7.5 |
2018-02-17 | CVE-2018-7180 | Saxum2003 | SQL Injection vulnerability in Saxum2003 Astro 4.0.14 SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. | 7.5 |
2018-02-17 | CVE-2018-7179 | Squadmanagement Project | SQL Injection vulnerability in Squadmanagement Project Squadmanagement 1.0.3 SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. | 7.5 |
2018-02-17 | CVE-2018-7178 | Saxum2003 | SQL Injection vulnerability in Saxum2003 Saxum Picker 3.2.10 SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. | 7.5 |
2018-02-17 | CVE-2018-7177 | Saxum2003 | SQL Injection vulnerability in Saxum2003 Numerology 3.0.4 SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter. | 7.5 |
2018-02-17 | CVE-2018-6585 | Techjoomla | SQL Injection vulnerability in Techjoomla Jticketing 2.0.16 SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. | 7.5 |
2018-02-17 | CVE-2018-6584 | Dthdevelopment | SQL Injection vulnerability in Dthdevelopment DT Register 3.2.7 SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. | 7.5 |
2018-02-17 | CVE-2018-6583 | Quanticalabs | SQL Injection vulnerability in Quanticalabs Timetable Responsive Schedule 1.5 SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. | 7.5 |
2018-02-17 | CVE-2018-6396 | Google MAP Landkarten Project | SQL Injection vulnerability in Google MAP Landkarten Project Google MAP Landkarten 4.2.3 SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. | 7.5 |
2018-02-17 | CVE-2018-6394 | Techjoomla | SQL Injection vulnerability in Techjoomla Invitex 3.0.5 SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. | 7.5 |
2018-02-17 | CVE-2018-6373 | Fastballproductions | SQL Injection vulnerability in Fastballproductions Fastball 2.5.0 SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action. | 7.5 |
2018-02-17 | CVE-2018-6372 | Joombooking | SQL Injection vulnerability in Joombooking JB BUS 2.3 SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. | 7.5 |
2018-02-17 | CVE-2018-6370 | Neojoomla | SQL Injection vulnerability in Neojoomla Neorecruit 4.1 SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. | 7.5 |
2018-02-17 | CVE-2018-6368 | Comdev | SQL Injection vulnerability in Comdev Jomestate PRO SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. | 7.5 |
2018-02-17 | CVE-2018-6006 | Joomsky | SQL Injection vulnerability in Joomsky JS Autoz 1.0.9 SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | 7.5 |
2018-02-17 | CVE-2018-6005 | Realpin Project | SQL Injection vulnerability in Realpin Project Realpin 1.5.04 SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. | 7.5 |
2018-02-17 | CVE-2018-6004 | Techsolsystem | SQL Injection vulnerability in Techsolsystem File Download Tracker 3.0 SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. | 7.5 |
2018-02-17 | CVE-2018-5994 | Joomsky | SQL Injection vulnerability in Joomsky JS Jobs 1.1.9 SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | 7.5 |
2018-02-17 | CVE-2018-5993 | Aist Project | SQL Injection vulnerability in Aist Project Aist 2.0 SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. | 7.5 |
2018-02-17 | CVE-2018-5992 | Staff Master Project | SQL Injection vulnerability in Staff Master Project Staff Master 1.0 SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. | 7.5 |
2018-02-17 | CVE-2018-5991 | WEB Dorado | SQL Injection vulnerability in Web-Dorado Form Maker 3.6.12 SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. | 7.5 |
2018-02-17 | CVE-2018-5990 | Allvideos Reloaded Project | SQL Injection vulnerability in Allvideos Reloaded Project Allvideos Reloaded SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. | 7.5 |
2018-02-17 | CVE-2018-5989 | Chillcreations | SQL Injection vulnerability in Chillcreations Ccnewsletter SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | 7.5 |
2018-02-17 | CVE-2018-5987 | Social Pinboard Project | SQL Injection vulnerability in Social Pinboard Project Social Pinboard 2.0 SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. | 7.5 |
2018-02-17 | CVE-2018-5983 | Jquickcontact Project | SQL Injection vulnerability in Jquickcontact Project Jquickcontact 1.3.2.2.1 SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. | 7.5 |
2018-02-17 | CVE-2018-5982 | Ordasoft | SQL Injection vulnerability in Ordasoft Advertisement Board 3.1.0 SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. | 7.5 |
2018-02-17 | CVE-2018-5981 | WEB Dorado | SQL Injection vulnerability in Web-Dorado Gallery WD 1.3.6 SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. | 7.5 |
2018-02-17 | CVE-2018-5980 | Solidres | SQL Injection vulnerability in Solidres 2.5.1 SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. | 7.5 |
2018-02-17 | CVE-2018-5975 | Thekrotek | SQL Injection vulnerability in Thekrotek Smart Shoutbox 3.0.0 SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. | 7.5 |
2018-02-17 | CVE-2018-5974 | Albonico | SQL Injection vulnerability in Albonico Simplecalendar 3.1.9 SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. | 7.5 |
2018-02-17 | CVE-2018-5971 | Ordasoft | SQL Injection vulnerability in Ordasoft Medialibrary 4.0.12 SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. | 7.5 |
2018-02-17 | CVE-2018-5970 | Techjoomla | SQL Injection vulnerability in Techjoomla Jgive 2.0.9 SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. | 7.5 |
2018-02-15 | CVE-2018-5767 | Tendacn | Improper Input Validation vulnerability in Tendacn Ac15 Firmware 15.03.1.16 An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. | 7.5 |
2018-02-15 | CVE-2017-8979 | HP | Unspecified vulnerability in HP Integrated Lights-Out 2 Firmware 2.29 Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. | 7.5 |
2018-02-15 | CVE-2017-8960 | HP | Unspecified vulnerability in HP products An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found. | 7.5 |
2018-02-15 | CVE-2017-5810 | HP | SQL Injection vulnerability in HP Network Automation A remote SQL injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | 7.5 |
2018-02-15 | CVE-2017-5792 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | 7.5 |
2018-02-15 | CVE-2016-8512 | HP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Loadrunner and Performance Center A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. | 7.5 |
2018-02-15 | CVE-2016-8511 | HP | Deserialization of Untrusted Data vulnerability in HP Network Automation A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. | 7.5 |
2018-02-15 | CVE-2011-4973 | MOD NSS Project | Improper Authentication vulnerability in MOD NSS Project MOD NSS 1.0.8 Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. | 7.5 |
2018-02-15 | CVE-2018-7054 | Irssi, Canonical, Debian | Use After Free vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | 7.5 |
2018-02-15 | CVE-2018-7053 | Irssi, Debian, Canonical | Use After Free vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | 7.5 |
2018-02-15 | CVE-2017-17301 | Huawei | Improper Certificate Validation vulnerability in Huawei products Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. | 7.5 |
2018-02-15 | CVE-2018-5440 | 3S Software | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in 3S-Software Codesys Runtime System and Codesys web Server A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. | 7.5 |
2018-02-15 | CVE-2017-18189 | Sound Exchange Project, Debian | NULL Pointer Dereference vulnerability in multiple products In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. | 7.5 |
2018-02-15 | CVE-2017-12726 | Smiths Medical | Use of Hard-coded Credentials vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 7.5 |
2018-02-14 | CVE-2018-7039 | CCN Lite | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ccn-Lite 2.0.0 CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. | 7.5 |
2018-02-14 | CVE-2017-18187 | ARM, Debian | Integer Overflow or Wraparound vulnerability in multiple products In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. | 7.5 |
2018-02-14 | CVE-2018-2373 | SAP | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. | 7.5 |
2018-02-13 | CVE-2018-5459 | Wago | Improper Authentication vulnerability in Wago Pfc200 Firmware An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. | 7.5 |
2018-02-13 | CVE-2018-6953 | CCN Lite | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ccn-Lite 2.0.0 In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses. | 7.5 |
2018-02-13 | CVE-2018-6948 | CCN Lite | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ccn-Lite 2.0.0 In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. | 7.5 |
2018-02-13 | CVE-2018-6928 | News Website Script Project | SQL Injection vulnerability in News Website Script Project News Website Script 2.0.4 PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. | 7.5 |
2018-02-13 | CVE-2018-0488 | ARM, Debian | Out-of-bounds Write vulnerability in multiple products ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | 7.5 |
2018-02-13 | CVE-2018-0487 | ARM, Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. | 7.5 |
2018-02-12 | CVE-2018-6893 | Finecms | SQL Injection vulnerability in Finecms 5.2.0 controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. | 7.5 |
2018-02-12 | CVE-2018-6863 | Select Your College Script Project | SQL Injection vulnerability in Select Your College Script Project Select Your College Script 2.0.2 SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. | 7.5 |
2018-02-15 | CVE-2016-8529 | HP | Improper Access Control vulnerability in HP Lefthand 12.5 A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. | 7.3 |
2018-02-15 | CVE-2017-17161 | Huawei | Improper Authentication vulnerability in Huawei Duke-L09 Firmware The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. | 7.2 |
2018-02-15 | CVE-2017-15351 | Huawei | Improper Authentication vulnerability in Huawei Honor V9 Play Firmware Jimmyal00Ac00B135 The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. | 7.2 |
2018-02-13 | CVE-2017-1714 | IBM | Unspecified vulnerability in IBM Client Application Access and Notes IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. | 7.2 |
2018-02-12 | CVE-2017-13231 | Google | Out-of-bounds Write vulnerability in Google Android 8.0/8.1 In libmediadrm, there is an out-of-bounds write due to improper input validation. | 7.2 |
2018-02-12 | CVE-2016-8742 | Apache, Microsoft | Permissions, Privileges, and Access Controls vulnerability in Apache Couchdb 2.0.0 The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. | 7.2 |
2018-02-15 | CVE-2017-5795 | HP | Information Exposure vulnerability in HP Intelligent Management Center 7.2 A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. | 7.1 |
2018-02-15 | CVE-2017-17160 | Huawei | Out-of-bounds Write vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. | 7.1 |
2018-02-15 | CVE-2017-15347 | Huawei | Use After Free vulnerability in Huawei Mate 9 PRO Firmware Lonal00Bc00B235 Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. | 7.1 |
2018-02-15 | CVE-2017-15330 | Huawei | Double Free vulnerability in Huawei Vicky-Al00A Firmware Vickyal00Ac00B124D/Vickyal00Ac00B157D/Vickyal00Ac00B167 The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. | 7.1 |
2018-02-12 | CVE-2017-13234 | Google | Missing Release of Resource after Effective Lifetime vulnerability in Google Android In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. | 7.1 |
2018-02-12 | CVE-2017-13233 | Google | Resource Exhaustion vulnerability in Google Android In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. | 7.1 |
2018-02-15 | CVE-2018-0842 | Microsoft | Unspecified vulnerability in Microsoft products Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | 7.0 |
252 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-02-15 | CVE-2018-0809 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". | 6.9 |
2018-02-15 | CVE-2017-13273 | Google | Unspecified vulnerability in Google Android In xt_qtaguid.c, there is a race condition due to insufficient locking. | 6.9 |
2018-02-18 | CVE-2018-7208 | GNU Redhat | Improper Input Validation vulnerability in multiple products In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. | 6.8 |
2018-02-16 | CVE-2018-0516 | Flets | Untrusted Search Path vulnerability in Flets Address Selection Tool 4.0/6.0 Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.8 |
2018-02-16 | CVE-2018-0515 | Flets | Untrusted Search Path vulnerability in Flets Azukeru Backup Tool Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.8 |
2018-02-16 | CVE-2018-7176 | Frontaccounting | Cross-Site Request Forgery (CSRF) vulnerability in Frontaccounting 2.4.3 FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). | 6.8 |
2018-02-15 | CVE-2017-5813 | HP | Security vulnerability in HP Network Automation A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | 6.8 |
2018-02-15 | CVE-2017-5787 | HP | Denial of Service vulnerability in HP Version Control Repository Manager A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found. | 6.8 |
2018-02-15 | CVE-2017-5781 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Matrix Operating Environment 7.6 A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found. | 6.8 |
2018-02-15 | CVE-2017-12560 | HP | Path Traversal vulnerability in HP Intelligent Management Center 7.3 A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | 6.8 |
2018-02-15 | CVE-2017-12559 | HP | Path Traversal vulnerability in HP Intelligent Management Center 7.3 A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | 6.8 |
2018-02-15 | CVE-2017-12555 | HP | Information Exposure vulnerability in HP Intelligent Management Center 7.3 A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found. | 6.8 |
2018-02-15 | CVE-2017-12725 | Smiths Medical | Use of Hard-coded Credentials vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 6.8 |
2018-02-15 | CVE-2017-12724 | Smiths Medical | Use of Hard-coded Credentials vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 6.8 |
2018-02-15 | CVE-2017-12720 | Smiths Medical | Missing Authentication for Critical Function vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 6.8 |
2018-02-15 | CVE-2017-12718 | Smiths Medical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 6.8 |
2018-02-13 | CVE-2017-1711 | IBM | Untrusted Search Path vulnerability in IBM Client Application Access and Notes IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a Windows DLL in the temp directory. | 6.8 |
2018-02-18 | CVE-2018-7217 | Tejari | Unrestricted Upload of File with Dangerous Type vulnerability in Tejari Bravo Solution In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. | 6.5 |
2018-02-18 | CVE-2018-7206 | Jupyter | Unspecified vulnerability in Jupyter Oauthenticator An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. | 6.5 |
2018-02-15 | CVE-2017-8959 | HP | Unspecified vulnerability in HP products An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier was found. | 6.5 |
2018-02-15 | CVE-2017-5826 | HP | Multiple Security vulnerability in ClearPass Policy Manager An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | 6.5 |
2018-02-15 | CVE-2017-5825 | HP | Multiple Security vulnerability in ClearPass Policy Manager A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | 6.5 |
2018-02-15 | CVE-2017-5799 | HP | Injection vulnerability in HP Opencall Media Platform A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. | 6.5 |
2018-02-15 | CVE-2016-8534 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Matrix Operating Environment 7.6 A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found. | 6.5 |
2018-02-15 | CVE-2016-8533 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Matrix Operating Environment 7.6 A remote privilege escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found. | 6.5 |
2018-02-15 | CVE-2016-8528 | Eucalyptus | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found. | 6.5 |
2018-02-15 | CVE-2016-8520 | Eucalyptus | Permission Issues vulnerability in Eucalyptus HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. | 6.5 |
2018-02-15 | CVE-2016-8515 | HP | Unrestricted Upload of File with Dangerous Type vulnerability in HP Version Control Repository Manager A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. | 6.5 |
2018-02-15 | CVE-2017-15089 | Infinispan | Deserialization of Untrusted Data vulnerability in Infinispan It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. | 6.5 |
2018-02-15 | CVE-2017-15329 | Huawei | SQL Injection vulnerability in Huawei UMA Firmware V200R001C00 Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. | 6.5 |
2018-02-14 | CVE-2017-1499 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. | 6.5 |
2018-02-14 | CVE-2018-2395 | SAP | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files. | 6.5 |
2018-02-14 | CVE-2018-2381 | SAP | Missing Authorization vulnerability in SAP ERP Financials Information System 2.0 SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2018-02-14 | CVE-2018-2379 | SAP | Information Exposure Through an Error Message vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint. | 6.5 |
2018-02-14 | CVE-2018-2378 | SAP | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption. | 6.5 |
2018-02-14 | CVE-2018-2377 | SAP | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users. | 6.5 |
2018-02-14 | CVE-2018-2374 | SAP | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space. | 6.5 |
2018-02-14 | CVE-2018-2372 | SAP | Information Exposure Through Log Files vulnerability in SAP Hana Extended Application Services 1.0 A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication. | 6.5 |
2018-02-13 | CVE-2017-15699 | Apache | Improper Input Validation vulnerability in Apache Qpid Dispatch 0.7.0/0.8.0 A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. | 6.5 |
2018-02-12 | CVE-2017-18179 | Progress | Improper Authentication vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. | 6.5 |
2018-02-12 | CVE-2018-6889 | Typesettercms | Code Injection vulnerability in Typesettercms Typesetter 5.1 An issue was discovered in Typesetter 5.1. | 6.5 |
2018-02-12 | CVE-2018-6860 | Schools Alert Management Script Project | Unrestricted Upload of File with Dangerous Type vulnerability in Schools Alert Management Script Project Schools Alert Management Script 2.0.2 Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture. | 6.5 |
2018-02-15 | CVE-2017-5785 | HP | Information Exposure vulnerability in HP Matrix Operating Environment 7.6 A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. | 6.4 |
2018-02-15 | CVE-2018-0833 | Microsoft | NULL Pointer Dereference vulnerability in Microsoft Windows 8.1, Windows RT 8.1 and Windows Server 2012 The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability". | 6.3 |
2018-02-15 | CVE-2017-17159 | Huawei | Improper Input Validation vulnerability in Huawei Mt8-Emui4.1 Firmware and Nts-Al00 Firmware Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. | 6.1 |
2018-02-18 | CVE-2018-7216 | Tejari | Cross-Site Request Forgery (CSRF) vulnerability in Tejari Bravo Solution Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens. | 6.0 |
2018-02-15 | CVE-2018-6316 | Ivanti | Incorrect Authorization vulnerability in Ivanti Endpoint Security 8.5 Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode. | 6.0 |
2018-02-15 | CVE-2016-8513 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Version Control Repository Manager A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. | 6.0 |
2018-02-15 | CVE-2017-18087 | Atlassian | Unspecified vulnerability in Atlassian Bitbucket The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and/or determine if an internal service exists via an argument injection vulnerability in the at parameter. | 6.0 |
2018-02-12 | CVE-2018-6888 | Typesettercms | Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1 An issue was discovered in Typesetter 5.1. | 6.0 |
2018-02-16 | CVE-2018-6324 | F Secure | Open Redirect vulnerability in F-Secure Radar 3.9.1 F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. | 5.8 |
2018-02-15 | CVE-2017-8945 | HP | Open Redirect vulnerability in HP Icewall Federation Agent 3.0 A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. | 5.8 |
2018-02-15 | CVE-2017-5784 | HP | Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6 A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found. | 5.8 |
2018-02-15 | CVE-2017-5782 | HP | Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6 A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found. | 5.8 |
2018-02-15 | CVE-2017-17285 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Lon-Al00B Firmware Lonal00Bc00 Bluetooth module in some Huawei mobile phones with software LON-AL00BC00B229 and earlier versions has a buffer overflow vulnerability. | 5.8 |
2018-02-12 | CVE-2017-9963 | Schneider Electric | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Powerscada Anywhere 1.0 A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. | 5.8 |
2018-02-12 | CVE-2017-17723 | Exiv2 | Out-of-bounds Read vulnerability in Exiv2 0.26 In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. | 5.8 |
2018-02-12 | CVE-2017-18178 | Progress | Open Redirect vulnerability in Progress Sitefinity 9.1 Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. | 5.8 |
2018-02-15 | CVE-2017-15345 | Huawei | Resource Exhaustion vulnerability in Huawei Lon-L29D Firmware Lonl29Dc721B186 Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. | 5.7 |
2018-02-15 | CVE-2017-5828 | HP | XXE vulnerability in HP Aruba Clearpass Policy Manager An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | 5.5 |
2018-02-15 | CVE-2017-12553 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 5.5 |
2018-02-15 | CVE-2017-12552 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 5.5 |
2018-02-15 | CVE-2017-12551 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 5.5 |
2018-02-15 | CVE-2017-12550 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 5.5 |
2018-02-15 | CVE-2017-12549 | HP Linux Microsoft | Improper Authentication vulnerability in HP System Management Homepage A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 5.5 |
2018-02-15 | CVE-2017-12548 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 5.5 |
2018-02-15 | CVE-2017-12547 | HP Linux Microsoft | Unspecified vulnerability in HP System Management Homepage A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 5.5 |
2018-02-15 | CVE-2017-12546 | HP Linux Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP System Management Homepage A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 5.5 |
2018-02-15 | CVE-2017-17186 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a DoS vulnerability. | 5.5 |
2018-02-15 | CVE-2014-0014 | Emberjs | Cross-site Scripting vulnerability in Emberjs Ember.Js Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload. | 5.4 |
2018-02-15 | CVE-2014-0013 | Emberjs | Cross-site Scripting vulnerability in Emberjs Ember.Js Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | 5.4 |
2018-02-16 | CVE-2018-6218 | Trendmicro | Untrusted Search Path vulnerability in Trendmicro products A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | 5.1 |
2018-02-14 | CVE-2018-7032 | Myrepos Project | Injection vulnerability in Myrepos Project Myrepos webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack. | 5.1 |
2018-02-18 | CVE-2018-7212 | Sinatrarb Microsoft | Path Traversal vulnerability in Sinatrarb Sinatra 2.0.0/2.0.1 An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. | 5.0 |
2018-02-18 | CVE-2018-7210 | Idashboards | Information Exposure vulnerability in Idashboards An issue was discovered in iDashboards 9.6b. | 5.0 |
2018-02-18 | CVE-2018-7209 | Idashboards | Information Exposure vulnerability in Idashboards An issue was discovered in iDashboards 9.6b. | 5.0 |
2018-02-16 | CVE-2017-18190 | Apple Debian Canonical | Authentication Bypass by Spoofing vulnerability in multiple products A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. | 5.0 |
2018-02-16 | CVE-2018-1000068 | Jenkins Oracle | Information Exposure vulnerability in multiple products An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. | 5.0 |
2018-02-16 | CVE-2018-1000067 | Jenkins Oracle | Server-Side Request Forgery (SSRF) vulnerability in multiple products An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. | 5.0 |
2018-02-15 | CVE-2017-8982 | HP | Unspecified vulnerability in HP Intelligent Management Center 7.3 A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. | 5.0 |
2018-02-15 | CVE-2017-8980 | HP | Information Exposure vulnerability in HP Intelligent Management Center 7.3 A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | 5.0 |
2018-02-15 | CVE-2017-8970 | HP | Information Exposure vulnerability in HP Matrix Operating Environment 7.6 A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | 5.0 |
2018-02-15 | CVE-2017-8952 | HP | Information Exposure vulnerability in HP Sitescope A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | 5.0 |
2018-02-15 | CVE-2017-5812 | HP | SQL Injection vulnerability in HP Network Automation A remote SQL information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | 5.0 |
2018-02-15 | CVE-2017-5801 | HP | Information Exposure vulnerability in HP Business Process Monitor A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found. | 5.0 |
2018-02-15 | CVE-2017-5783 | HP | Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6 A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found. | 5.0 |
2018-02-15 | CVE-2016-8531 | HP | Information Exposure vulnerability in HP Matrix Operating Environment 7.6 A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found. | 5.0 |
2018-02-15 | CVE-2016-8530 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. | 5.0 |
2018-02-15 | CVE-2016-8525 | HP | Information Exposure vulnerability in HP Intelligent Management Center A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. | 5.0 |
2018-02-15 | CVE-2016-8518 | HP | Denial of Service vulnerability in HP Systems Insight Manager A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | 5.0 |
2018-02-15 | CVE-2016-8516 | HP | Unspecified vulnerability in HP Systems Insight Manager A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | 5.0 |
2018-02-15 | CVE-2018-7169 | Shadow Project | Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.5 An issue was discovered in shadow 4.5. | 5.0 |
2018-02-15 | CVE-2018-7052 | Irssi Canonical Debian | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | 5.0 |
2018-02-15 | CVE-2018-7051 | Irssi Debian Canonical | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | 5.0 |
2018-02-15 | CVE-2018-7050 | Irssi Debian Canonical | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | 5.0 |
2018-02-15 | CVE-2018-1041 | Jboss Redhat | Infinite Loop vulnerability in multiple products A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. | 5.0 |
2018-02-15 | CVE-2017-17299 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17298 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, ViewPoint 9030 V100R011C02, V100R011C03 have a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17297 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17296 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a memory leak vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17295 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 
V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17290 | Huawei | Resource Exhaustion vulnerability in Huawei Te60 Firmware and Viewpoint 9030 Firmware The Lightweight Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management error vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17288 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17287 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bound read vulnerability in some Huawei products. | 5.0 |
2018-02-15 | CVE-2017-17286 | Huawei | Out-of-bounds Write vulnerability in Huawei products Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bound write vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17284 | Huawei | Unspecified vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17283 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17202 | Huawei | Out-of-bounds Read vulnerability in Huawei products Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability due to insufficient input validation. | 5.0 |
2018-02-15 | CVE-2017-17166 | Huawei | Resource Exhaustion vulnerability in Huawei products Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. | 5.0 |
2018-02-15 | CVE-2017-17164 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei Secospace Antiddos8000 Firmware V500R001C20Spc500 Huawei Secospace AntiDDoS8000 V500R001C20SPC500 has a memory leak vulnerability due to memory not being released when the system opens some function. | 5.0 |
2018-02-15 | CVE-2017-17157 | Huawei | Improper Input Validation vulnerability in Huawei products IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, 
V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. | 5.0 |
2018-02-15 | CVE-2017-17156 | Huawei | Improper Input Validation vulnerability in Huawei products IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, 
V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. | 5.0 |
2018-02-15 | CVE-2017-17155 | Huawei | Out-of-bounds Write vulnerability in Huawei products IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, 
V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU. | 5.0 |
2018-02-15 | CVE-2017-17154 | Huawei | Improper Input Validation vulnerability in Huawei products IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, 
V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has a DoS vulnerability due to insufficient input validation. | 5.0 |
2018-02-15 | CVE-2017-17153 | Huawei | Improper Input Validation vulnerability in Huawei products IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, 
V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has a memory leak vulnerability due to memory release failure resulted from insufficient input validation. | 5.0 |
2018-02-15 | CVE-2017-15356 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15355 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15354 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15350 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 has a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15349 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei products Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00, CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00, CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00, CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15342 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15341 | Huawei | Improper Certificate Validation vulnerability in Huawei products Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15336 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15335 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15334 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. | 5.0 |
2018-02-15 | CVE-2017-15332 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have a memory leak vulnerability in H323 protocol. | 5.0 |
2018-02-15 | CVE-2017-15331 | Huawei | Out-of-bounds Read vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have an out-of-bounds read vulnerability in H323 protocol. | 5.0 |
2018-02-15 | CVE-2018-7056 | Steelcase | Information Exposure vulnerability in Steelcase Roomwizard Firmware RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action. | 5.0 |
2018-02-15 | CVE-2018-7055 | Steelcase | Server-Side Request Forgery (SSRF) vulnerability in Steelcase Roomwizard Firmware GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter. | 5.0 |
2018-02-15 | CVE-2017-12722 | Smiths Medical | Out-of-bounds Read vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 5.0 |
2018-02-14 | CVE-2018-7034 | Trendnet | Improper Authentication vulnerability in Trendnet products TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | 5.0 |
2018-02-14 | CVE-2018-2394 | SAP | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. | 5.0 |
2018-02-14 | CVE-2018-2393 | SAP | XXE vulnerability in SAP Internet Graphics Server Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | 5.0 |
2018-02-14 | CVE-2018-2392 | SAP | XXE vulnerability in SAP Internet Graphics Server Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | 5.0 |
2018-02-14 | CVE-2018-2370 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP BI Launchpad 4.10/4.20/4.30 Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | 5.0 |
2018-02-14 | CVE-2018-2369 | SAP | Unspecified vulnerability in SAP Hana 1.00/2.00 Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. | 5.0 |
2018-02-13 | CVE-2018-6910 | Dedecms | Exposure of Resource to Wrong Sphere vulnerability in Dedecms 5.7 DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. | 5.0 |
2018-02-13 | CVE-2018-6952 | GNU | Double Free vulnerability in GNU Patch A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | 5.0 |
2018-02-13 | CVE-2018-6951 | GNU Canonical | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GNU patch through 2.7.6. | 5.0 |
2018-02-13 | CVE-2018-6293 | Hyland | Information Exposure vulnerability in Hyland Saperion web Client 7.5.2 Arbitrary File Read in Saperion Web Client version 7.5.2 83166. | 5.0 |
2018-02-12 | CVE-2017-13246 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Upstream kernel network driver. | 5.0 |
2018-02-12 | CVE-2017-13243 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android system (ui). | 5.0 |
2018-02-12 | CVE-2017-13242 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android system (bluetooth). | 5.0 |
2018-02-12 | CVE-2017-13241 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). | 5.0 |
2018-02-12 | CVE-2017-13240 | Google | Information Exposure vulnerability in Google Android 8.0/8.1 An information disclosure vulnerability in the Android framework (crypto framework). | 5.0 |
2018-02-12 | CVE-2017-13239 | Google | Information Exposure vulnerability in Google Android 8.0 An information disclosure vulnerability in the Android framework (ui framework). | 5.0 |
2018-02-12 | CVE-2016-9570 | Carbonblack | NULL Pointer Dereference vulnerability in Carbonblack Carbon Black 5.1.1.60603 cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe. | 5.0 |
2018-02-12 | CVE-2018-6881 | Dedecms Phome | Information Exposure vulnerability in multiple products EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. | 5.0 |
2018-02-12 | CVE-2018-6880 | Phome | Exposure of Resource to Wrong Sphere vulnerability in Phome Empirecms 6.6/7.0/7.2 EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php. | 5.0 |
2018-02-15 | CVE-2017-8978 | HP | Information Exposure vulnerability in HP Icewall Mcrp, Icewall MFA and Icewall SSO A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found. | 4.9 |
2018-02-15 | CVE-2017-5809 | HP | Permission Issues vulnerability in HP Data Protector A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | 4.9 |
2018-02-15 | CVE-2017-5788 | HP | Information Exposure vulnerability in HP Nonstop Server Software A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found. | 4.9 |
2018-02-12 | CVE-2016-9569 | Carbonblack | Out-of-bounds Read vulnerability in Carbonblack Carbon Black 5.1.1.60603 The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call. | 4.9 |
2018-02-12 | CVE-2017-13238 | Google | Information Exposure vulnerability in Google Android In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. | 4.7 |
2018-02-15 | CVE-2017-8985 | HP | Information Exposure vulnerability in HP XP Storage Hitachi Global Link Manager HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00. | 4.6 |
2018-02-15 | CVE-2017-8951 | HP | Information Exposure vulnerability in HP Sitescope A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | 4.6 |
2018-02-15 | CVE-2017-5829 | HP | Multiple Security vulnerability in ClearPass Policy Manager An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | 4.6 |
2018-02-15 | CVE-2018-0846 | Microsoft | Unspecified vulnerability in Microsoft products The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". | 4.6 |
2018-02-15 | CVE-2018-0844 | Microsoft | Unspecified vulnerability in Microsoft products The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". | 4.6 |
2018-02-15 | CVE-2018-0831 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | 4.6 |
2018-02-15 | CVE-2018-0828 | Microsoft | Insufficiently Protected Credentials vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability". | 4.6 |
2018-02-15 | CVE-2018-0827 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". | 4.6 |
2018-02-15 | CVE-2018-0820 | Microsoft | Unspecified vulnerability in Microsoft products The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation Of Privilege Vulnerability". | 4.6 |
2018-02-15 | CVE-2018-0756 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | 4.6 |
2018-02-15 | CVE-2018-0742 | Microsoft | Unspecified vulnerability in Microsoft products The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | 4.6 |
2018-02-13 | CVE-2017-1720 | IBM | Command Injection vulnerability in IBM Client Application Access and Notes IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. | 4.6 |
2018-02-12 | CVE-2017-9967 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/9.0 A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. | 4.6 |
2018-02-12 | CVE-2018-6927 | Linux Canonical Debian Redhat | Integer Overflow or Wraparound vulnerability in Linux Kernel The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. | 4.6 |
2018-02-12 | CVE-2017-13247 | Google | Missing Authorization vulnerability in Google Android In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. | 4.6 |
2018-02-12 | CVE-2017-13245 | Google | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the Upstream kernel audio driver. | 4.6 |
2018-02-12 | CVE-2017-13244 | Google | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the Upstream kernel easel. | 4.6 |
2018-02-12 | CVE-2017-13236 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0/8.1 In the KeyStore service, there is a permissions bypass that allows access to protected resources. | 4.6 |
2018-02-15 | CVE-2018-0826 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability". | 4.4 |
2018-02-15 | CVE-2018-0823 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability". | 4.4 |
2018-02-15 | CVE-2018-0822 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability". | 4.4 |
2018-02-15 | CVE-2018-0821 | Microsoft | Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016 AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability". | 4.4 |
2018-02-12 | CVE-2018-1214 | Dell Microsoft | Use of Hard-coded Credentials vulnerability in Dell EMC Supportassist Enterprise 1.1 Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. | 4.4 |
2018-02-18 | CVE-2018-7211 | Idashboards | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Idashboards An issue was discovered in iDashboards 9.6b. | 4.3 |
2018-02-18 | CVE-2018-7198 | Octobercms | Cross-site Scripting vulnerability in Octobercms October October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. | 4.3 |
2018-02-18 | CVE-2018-7197 | Pluck CMS | Cross-site Scripting vulnerability in Pluck-Cms Pluck An issue was discovered in Pluck through 4.7.4. | 4.3 |
2018-02-16 | CVE-2018-3609 | Trendmicro | Information Exposure Through Log Files vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1 A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | 4.3 |
2018-02-16 | CVE-2018-1049 | Systemd Project Redhat Canonical Debian | Race Condition vulnerability in multiple products In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. | 4.3 |
2018-02-16 | CVE-2017-18090 | Atlassian | Cross-site Scripting vulnerability in Atlassian Fisheye 4.5.0 Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. | 4.3 |
2018-02-16 | CVE-2018-6944 | Ultimatemember | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member 2.0 core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 4.3 |
2018-02-16 | CVE-2018-6943 | Ultimatemember | Cross-site Scripting vulnerability in Ultimatemember 2.0 core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 4.3 |
2018-02-16 | CVE-2018-6189 | F Secure | Cross-site Scripting vulnerability in F-Secure Radar 3.9.1 F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue. | 4.3 |
2018-02-15 | CVE-2017-5798 | HP | Cross-site Scripting vulnerability in HP Opencall Media Platform A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. | 4.3 |
2018-02-15 | CVE-2017-5780 | HP | Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6 A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found. | 4.3 |
2018-02-15 | CVE-2016-8521 | HP | Improper Input Validation vulnerability in HP Diagnostics 9.24/9.26 A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found. | 4.3 |
2018-02-15 | CVE-2016-8517 | HP | Cross-site Scripting vulnerability in HP Systems Insight Manager A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | 4.3 |
2018-02-15 | CVE-2018-7175 | Xpdfreader | NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00 An issue was discovered in xpdf 4.00. | 4.3 |
2018-02-15 | CVE-2018-7174 | Xpdfreader | Infinite Loop vulnerability in Xpdfreader Xpdf 4.00 An issue was discovered in xpdf 4.00. | 4.3 |
2018-02-15 | CVE-2018-7173 | Xpdfreader | Encoding Error vulnerability in Xpdfreader Xpdf 4.00 A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. | 4.3 |
2018-02-15 | CVE-2017-17201 | Huawei | Improper Input Validation vulnerability in Huawei products Some Huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability. | 4.3 |
2018-02-15 | CVE-2017-17152 | Huawei | Improper Input Validation vulnerability in Huawei products IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds write vulnerability due to insufficient input validation. | 4.3 |
2018-02-15 | CVE-2017-17151 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. | 4.3 |
2018-02-15 | CVE-2017-15353 | Huawei | Out-of-bounds Read vulnerability in Huawei products Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. | 4.3 |
2018-02-15 | CVE-2017-15346 | Huawei | Improper Input Validation vulnerability in Huawei products XML parser in Huawei S12700 V200R005C00, S1700 V200R009C00, V200R010C00, S3700 V100R006C03, V100R006C05, S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. | 4.3 |
2018-02-15 | CVE-2017-15340 | Huawei | Unspecified vulnerability in Huawei Tag-Al00 Firmware Tagal00C92B168 Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. | 4.3 |
2018-02-15 | CVE-2017-15339 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. | 4.3 |
2018-02-15 | CVE-2017-15338 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. | 4.3 |
2018-02-15 | CVE-2017-15337 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. | 4.3 |
2018-02-15 | CVE-2017-15333 | Huawei | Improper Input Validation vulnerability in Huawei products XML parser in Huawei S12700 V200R005C00, S1700 V200R009C00, V200R010C00, S3700 V100R006C03, V100R006C05, S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DoS vulnerability. | 4.3 |
2018-02-15 | CVE-2017-18088 | Atlassian | Improper Input Validation vulnerability in Atlassian Bitbucket Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. | 4.3 |
2018-02-15 | CVE-2018-7057 | Steelcase | Cross-site Scripting vulnerability in Steelcase Roomwizard Firmware RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter. | 4.3 |
2018-02-15 | CVE-2017-12723 | Smiths Medical | Information Exposure vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 4.3 |
2018-02-15 | CVE-2017-12721 | Smiths Medical | Improper Certificate Validation vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 4.3 |
2018-02-15 | CVE-2018-0855 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | 4.3 |
2018-02-15 | CVE-2018-0853 | Microsoft | Improper Initialization vulnerability in Microsoft Office 2010/2013/2016 Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability". | 4.3 |
2018-02-15 | CVE-2018-0850 | Microsoft | Unspecified vulnerability in Microsoft Office and Outlook Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". | 4.3 |
2018-02-15 | CVE-2018-0847 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | 4.3 |
2018-02-15 | CVE-2018-0839 | Microsoft | Information Exposure vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 4.3 |
2018-02-15 | CVE-2018-0771 | Microsoft | Unspecified vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass". | 4.3 |
2018-02-14 | CVE-2018-2388 | SAP | Cross-site Scripting vulnerability in SAP Internet Graphics Server Stored cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | 4.3 |
2018-02-14 | CVE-2018-2383 | SAP | Cross-site Scripting vulnerability in SAP Internet Graphics Server Reflected cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | 4.3 |
2018-02-14 | CVE-2018-2371 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Java web Application 7.50 The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2018-02-14 | CVE-2018-2364 | SAP | Cross-site Scripting vulnerability in SAP products SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2018-02-13 | CVE-2017-18186 | Qpdf Project | Infinite Loop vulnerability in Qpdf Project Qpdf An issue was discovered in QPDF before 7.0.0. | 4.3 |
2018-02-13 | CVE-2017-18185 | Qpdf Project | Out-of-bounds Read vulnerability in Qpdf Project Qpdf An issue was discovered in QPDF before 7.0.0. | 4.3 |
2018-02-13 | CVE-2017-18184 | Qpdf Project | Out-of-bounds Read vulnerability in Qpdf Project Qpdf An issue was discovered in QPDF before 7.0.0. | 4.3 |
2018-02-13 | CVE-2017-18183 | Qpdf Project | Infinite Loop vulnerability in Qpdf Project Qpdf An issue was discovered in QPDF before 7.0.0. | 4.3 |
2018-02-13 | CVE-2016-10713 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Patch An issue was discovered in GNU patch before 2.7.6. | 4.3 |
2018-02-13 | CVE-2015-9252 | Qpdf Project | Resource Management Errors vulnerability in Qpdf Project Qpdf An issue was discovered in QPDF before 7.0.0. | 4.3 |
2018-02-13 | CVE-2018-6942 | Freetype Canonical | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in FreeType 2 through 2.9. | 4.3 |
2018-02-13 | CVE-2018-6930 | Imagemagick | Out-of-bounds Read vulnerability in Imagemagick 7.0.7-22 A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. | 4.3 |
2018-02-12 | CVE-2017-9968 | Schneider Electric | Improper Certificate Validation vulnerability in Schneider-Electric Igss Mobile A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack. | 4.3 |
2018-02-12 | CVE-2017-17725 | Exiv2 | Integer Overflow or Wraparound vulnerability in Exiv2 0.26 In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. | 4.3 |
2018-02-12 | CVE-2017-17724 | Exiv2 | Out-of-bounds Read vulnerability in Exiv2 0.26 In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. | 4.3 |
2018-02-12 | CVE-2017-17722 | Exiv2 | Reachable Assertion vulnerability in Exiv2 0.26 In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file. | 4.3 |
2018-02-12 | CVE-2017-13235 | Google | NULL Pointer Dereference vulnerability in Google Android A other vulnerability in the Android media framework (n/a). | 4.3 |
2018-02-12 | CVE-2018-6845 | OLX Clone Script Project | Cross-site Scripting vulnerability in OLX Clone Script Project OLX Clone Script 2.0.6 PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field. | 4.3 |
2018-02-12 | CVE-2018-6912 | Ffmpeg | Out-of-bounds Read vulnerability in Ffmpeg The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | 4.3 |
2018-02-16 | CVE-2017-14537 | Netfortris | Path Traversal vulnerability in Netfortris Trixbox 2.8.0.4 trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | 4.0 |
2018-02-15 | CVE-2017-8973 | HP | Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6 An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | 4.0 |
2018-02-15 | CVE-2017-8972 | HP | Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6 A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | 4.0 |
2018-02-15 | CVE-2017-8971 | HP | Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6 A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | 4.0 |
2018-02-15 | CVE-2017-12543 | HP | Information Exposure vulnerability in HP products A remote disclosure of information vulnerability in Moonshot Remote Console Administrator prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. | 4.0 |
2018-02-15 | CVE-2016-8514 | HP | Information Exposure vulnerability in HP Version Control Repository Manager A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. | 4.0 |
2018-02-15 | CVE-2017-17187 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. | 4.0 |
2018-02-15 | CVE-2017-17185 | Huawei | Out-of-bounds Read vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerability. | 4.0 |
2018-02-15 | CVE-2017-17184 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. | 4.0 |
2018-02-15 | CVE-2017-17183 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. | 4.0 |
2018-02-15 | CVE-2017-17182 | Huawei | Out-of-bounds Read vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerability. | 4.0 |
2018-02-14 | CVE-2018-2396 | SAP | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service. | 4.0 |
2018-02-14 | CVE-2018-2391 | SAP | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service. | 4.0 |
2018-02-14 | CVE-2018-2390 | SAP | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service. | 4.0 |
2018-02-14 | CVE-2018-2389 | SAP | Improper Encoding or Escaping of Output vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file. | 4.0 |
2018-02-14 | CVE-2018-2387 | SAP | Unspecified vulnerability in SAP Internet Graphics Server A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise. | 4.0 |
2018-02-14 | CVE-2018-2386 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53. | 4.0 |
2018-02-14 | CVE-2018-2385 | SAP | Divide By Zero vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. | 4.0 |
2018-02-14 | CVE-2018-2384 | SAP | NULL Pointer Dereference vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. | 4.0 |
2018-02-14 | CVE-2018-2382 | SAP | Unspecified vulnerability in SAP Internet Graphics Server A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise. | 4.0 |
50 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-02-13 | CVE-2017-15709 | Apache | Information Exposure vulnerability in Apache Activemq When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. | 3.7 |
2018-02-15 | CVE-2017-8974 | HP | Unspecified vulnerability in HP Nonstop Server Software A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found. | 3.6 |
2018-02-16 | CVE-2018-7188 | Tiki | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | 3.5 |
2018-02-16 | CVE-2017-18091 | Atlassian | Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup. | 3.5 |
2018-02-16 | CVE-2017-18089 | Atlassian | Cross-site Scripting vulnerability in Atlassian Crucible 4.4.0/4.4.1/4.4.2 The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review. | 3.5 |
2018-02-16 | CVE-2017-14536 | Netfortris | Cross-site Scripting vulnerability in Netfortris Trixbox 2.8.0.4 trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php. | 3.5 |
2018-02-15 | CVE-2017-8993 | Microfocus | Cross-site Scripting vulnerability in Microfocus Project and Portfolio Management A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | 3.5 |
2018-02-15 | CVE-2017-8969 | HP | Improper Input Validation vulnerability in HP Insight Control 7.6 An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found. | 3.5 |
2018-02-15 | CVE-2017-8953 | HP | Cross-site Scripting vulnerability in HP Loadrunner and Performance Center A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. | 3.5 |
2018-02-15 | CVE-2017-5827 | HP | Cross-site Scripting vulnerability in HP Aruba Clearpass Policy Manager A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | 3.5 |
2018-02-15 | CVE-2017-5800 | HP | Cross-site Scripting vulnerability in HP Operations Bridge Analytics 3.0 A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found. | 3.5 |
2018-02-15 | CVE-2017-12544 | HP Linux Microsoft | Cross-site Scripting vulnerability in HP System Management Homepage A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | 3.5 |
2018-02-15 | CVE-2016-8535 | HP | Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6 A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found. | 3.5 |
2018-02-15 | CVE-2016-8532 | HP | Cross-site Scripting vulnerability in HP Matrix Operating Environment 7.6 A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found. | 3.5 |
2018-02-15 | CVE-2016-8522 | HP | Cross-site Scripting vulnerability in HP Diagnostics 9.24/9.26 A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found. | 3.5 |
2018-02-15 | CVE-2018-0869 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2016 SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | 3.5 |
2018-02-15 | CVE-2018-0864 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2013/2016 SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability". | 3.5 |
2018-02-14 | CVE-2017-1682 | IBM | Cross-site Scripting vulnerability in IBM Connections IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. | 3.5 |
2018-02-12 | CVE-2017-18177 | Progress | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. | 3.5 |
2018-02-12 | CVE-2017-18176 | Progress | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. | 3.5 |
2018-02-12 | CVE-2017-18175 | Progress | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. | 3.5 |
2018-02-12 | CVE-2018-6506 | Minibb | Cross-site Scripting vulnerability in Minibb 3.2.2 Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field. | 3.5 |
2018-02-12 | CVE-2018-6864 | Multireligion Responsive Matrimonial Project | Cross-site Scripting vulnerability in Multireligion Responsive Matrimonial Project Multireligion Responsive Matrimonial 4.7.2 Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. | 3.5 |
2018-02-12 | CVE-2018-6862 | Bitcoin MLM Project | Cross-site Scripting vulnerability in Bitcoin MLM Project Bitcoin MLM 1.0.2 Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. | 3.5 |
2018-02-12 | CVE-2018-6861 | Lawyer Search Script Project | Cross-site Scripting vulnerability in Lawyer Search Script Project Lawyer Search Script 1.0.2 Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. | 3.5 |
2018-02-12 | CVE-2018-6858 | Facebook Clone Script Project | Cross-site Scripting vulnerability in Facebook Clone Script Project Facebook Clone Script 1.0.5 Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. | 3.5 |
2018-02-15 | CVE-2017-15352 | Huawei | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei products Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. | 2.9 |
2018-02-15 | CVE-2018-0763 | Microsoft | Information Exposure vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 2.6 |
2018-02-15 | CVE-2017-8950 | HP | Information Exposure vulnerability in HP Sitescope A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | 2.1 |
2018-02-15 | CVE-2017-8949 | HP | Unspecified vulnerability in HP Sitescope A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | 2.1 |
2018-02-15 | CVE-2017-5786 | HP | Local Security Bypass vulnerability in HP OfficeConnect Network Switches A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14 | 2.1 |
2018-02-15 | CVE-2017-17302 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. | 2.1 |
2018-02-15 | CVE-2017-17294 | Huawei | NULL Pointer Dereference vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a null pointer dereference vulnerability. | 2.1 |
2018-02-15 | CVE-2017-17293 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a buffer overflow vulnerability. | 2.1 |
2018-02-15 | CVE-2017-17292 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a denial of service vulnerability in the specific module. | 2.1 |
2018-02-15 | CVE-2017-17291 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei products Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a memory leak vulnerability. | 2.1 |
2018-02-15 | CVE-2017-17289 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. | 2.1 |
2018-02-15 | CVE-2017-17163 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Secospace Usg6600 Firmware V500R001C30Spc100 Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification. | 2.1 |
2018-02-15 | CVE-2017-17162 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei Secospace Usg6600 Firmware and Usg9500 Firmware Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability because memory is not released when a local authenticated attacker executes special commands many times. | 2.1 |
2018-02-15 | CVE-2018-0761 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | 2.1 |
2018-02-15 | CVE-2018-0760 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012 The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | 2.1 |
2018-02-15 | CVE-2018-0755 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | 2.1 |
2018-02-14 | CVE-2017-18188 | Openr | Link Following vulnerability in Openr Opentmpfiles OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run. | 2.1 |
2018-02-12 | CVE-2017-9969 | Schneider Electric | Insufficiently Protected Credentials vulnerability in Schneider-Electric Igss Mobile An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. | 2.1 |
2018-02-15 | CVE-2018-0843 | Microsoft | Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016 The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability". | 1.9 |
2018-02-15 | CVE-2018-0832 | Microsoft | Memory Leak vulnerability in Microsoft products The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". | 1.9 |
2018-02-15 | CVE-2018-0830 | Microsoft | Information Exposure vulnerability in Microsoft products The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". | 1.9 |
2018-02-15 | CVE-2018-0829 | Microsoft | Information Exposure vulnerability in Microsoft products The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". | 1.9 |
2018-02-15 | CVE-2018-0810 | Microsoft | Improper Initialization vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012 The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". | 1.9 |
2018-02-15 | CVE-2018-0757 | Microsoft | Unspecified vulnerability in Microsoft products The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". | 1.9 |