Total: 9703 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-0018 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2024-11-21 | N/A |
On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on if the IDP updates are automatic or not, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX. | ||||
CVE-2018-0014 | 1 Juniper | 1 Screenos | 2024-11-21 | N/A |
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25. | ||||
CVE-2018-0013 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system. | ||||
CVE-2017-9809 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure. | ||||
CVE-2017-9796 | 1 Apache | 1 Geode | 2024-11-21 | N/A |
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. | ||||
CVE-2017-9795 | 1 Apache | 1 Geode | 2024-11-21 | N/A |
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution. | ||||
CVE-2017-9681 | 1 Google | 1 Android | 2024-11-21 | N/A |
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if a kernel memory address is passed from userspace through the iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur. | ||||
CVE-2017-9284 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | ||||
CVE-2017-9280 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. | ||||
CVE-2017-9000 | 1 Hp | 1 Arubaos | 2024-11-21 | N/A |
ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 (FIPS and non-FIPS versions of software are both affected equally), is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise. | ||||
CVE-2017-8985 | 1 Hp | 1 Xp Storage Hitachi Global Link Manager | 2024-11-21 | N/A |
HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00. | ||||
CVE-2017-8980 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||||
CVE-2017-8978 | 1 Hp | 3 Icewall Mcrp, Icewall Mfa, Icewall Sso | 2024-11-21 | N/A |
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found. | ||||
CVE-2017-8970 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | N/A |
A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | ||||
CVE-2017-8952 | 1 Hp | 1 Sitescope | 2024-11-21 | N/A |
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | ||||
CVE-2017-8951 | 1 Hp | 1 Sitescope | 2024-11-21 | N/A |
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | ||||
CVE-2017-8950 | 1 Hp | 1 Sitescope | 2024-11-21 | N/A |
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | ||||
CVE-2017-8944 | 1 Hp | 1 Cloud Optimizer | 2024-11-21 | N/A |
A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found. | ||||
CVE-2017-8761 | 1 Openstack | 1 Swift | 2024-11-21 | 4.3 Medium |
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. | ||||
CVE-2017-8337 | 1 Securifi | 6 Almond, Almond\+, Almond\+firmware and 3 more | 2024-11-21 | N/A |
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions which include management of rules, sensors attached to the devices using the websocket requests. |