Total
31899 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17284 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2024-11-21 | N/A |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal. | ||||
| CVE-2017-17279 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2024-11-21 | N/A |
| The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone. | ||||
| CVE-2017-17149 | 1 Huawei | 1 Hiwallet | 2024-11-21 | N/A |
| Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet. | ||||
| CVE-2017-17145 | 1 Huawei | 2 Honor V9 Play, Honor V9 Play Firmware | 2024-11-21 | N/A |
| Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication. | ||||
| CVE-2017-17101 | 1 Apexis | 2 Apm-h803-mpc, Apm-h803-mpc Firmware | 2024-11-21 | N/A |
| An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass the login screen and access the webcam contents including: live video stream, configuration files with all the passwords, system information, and much more. With this vulnerability, anyone can access to a vulnerable webcam with 'super admin' privilege. | ||||
| CVE-2017-16873 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2024-11-21 | N/A |
| It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. | ||||
| CVE-2017-16861 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | N/A |
| It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability. | ||||
| CVE-2017-16839 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2024-11-21 | N/A |
| Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. | ||||
| CVE-2017-16709 | 1 Crestron | 4 Airmedia Am-100, Airmedia Am-100 Firmware, Airmedia Am-101 and 1 more | 2024-11-21 | N/A |
| Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. | ||||
| CVE-2017-16653 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-11-21 | N/A |
| An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks. | ||||
| CVE-2017-16550 | 1 K7computing | 5 Antivirus, Endpoint, Internet Security and 2 more | 2024-11-21 | N/A |
| K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. | ||||
| CVE-2017-16207 | 1 Discordi.js Project | 1 Discordi.js | 2024-11-21 | N/A |
| discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin. | ||||
| CVE-2017-16088 | 1 Safe-eval Project | 1 Safe-eval | 2024-11-21 | N/A |
| The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. | ||||
| CVE-2017-16046 | 1 Mariadb | 1 Mariadb | 2024-11-21 | 7.5 High |
| `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16030 | 1 Useragent Project | 1 Useragent | 2024-11-21 | N/A |
| Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier. | ||||
| CVE-2017-16007 | 1 Cisco | 1 Node-jose | 2024-11-21 | N/A |
| node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used. | ||||
| CVE-2017-15914 | 1 Borgbackup | 1 Borg | 2024-11-21 | N/A |
| Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3. | ||||
| CVE-2017-15841 | 1 Qualcomm | 32 Sd 410, Sd 410 Firmware, Sd 412 and 29 more | 2024-11-21 | N/A |
| When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016. | ||||
| CVE-2017-15718 | 1 Apache | 1 Hadoop | 2024-11-21 | N/A |
| The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. | ||||
| CVE-2017-15637 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | N/A |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file. | ||||