Vulnerabilities (CVE)

Total 7184 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0109 1 Cisco 1 Webex Meetings Server 2024-11-21 4.0 MEDIUM 2.7 LOW
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could allow an attacker who is authenticated as root to gain shared secrets. An attacker could exploit the vulnerability by accessing the root account and viewing sensitive information. Successful exploitation could allow the attacker to discover sensitive information about the application. Cisco Bug IDs: CSCvg42664.
CVE-2018-0106 1 Cisco 1 Elastic Services Controller 2024-11-21 2.1 LOW 3.3 LOW
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221.
CVE-2017-9635 1 Schneider-electric 1 Ampla Manufacturing Execution System 2024-11-21 1.9 LOW 3.9 LOW
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
CVE-2017-9279 1 Netiq 1 Identity Manager 2024-11-21 9.0 HIGH 2.0 LOW
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
CVE-2017-9278 1 Netiq 1 Identity Manager 2024-11-21 5.0 MEDIUM 3.3 LOW
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
CVE-2017-9275 1 Netiq 1 Identity Reporting 2024-11-21 4.3 MEDIUM 2.8 LOW
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack.
CVE-2017-9271 2 Fedoraproject, Opensuse 2 Fedora, Zypper 2024-11-21 2.1 LOW 3.3 LOW
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
CVE-2017-8164 1 Huawei 18 Eva-al10, Eva-al10 Firmware, Eva-cl00 and 15 more 2024-11-21 4.3 MEDIUM 3.3 LOW
Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable.
CVE-2017-8087 1 Avm 2 Fritz\!box 7490, Fritz\!os 2024-11-21 2.1 LOW 2.4 LOW
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.
CVE-2017-7538 1 Redhat 1 Satellite 2024-11-21 3.5 LOW 3.5 LOW
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.
CVE-2017-7519 2 Ceph, Debian 2 Ceph, Debian Linux 2024-11-21 2.1 LOW 2.3 LOW
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
CVE-2017-7509 1 Redhat 1 Certificate System 2024-11-21 4.0 MEDIUM 3.5 LOW
An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service.
CVE-2017-7434 1 Netiq 1 Identity Manager 2024-11-21 5.0 MEDIUM 3.3 LOW
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
CVE-2017-6426 1 Google 1 Android 2024-11-21 4.3 MEDIUM 3.3 LOW
An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.
CVE-2017-6425 1 Google 1 Android 2024-11-21 4.3 MEDIUM 3.3 LOW
An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.
CVE-2017-5387 1 Mozilla 1 Firefox 2024-11-21 2.1 LOW 3.3 LOW
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
CVE-2017-3964 1 Mcafee 1 Network Security Manager 2024-11-21 3.5 LOW 3.5 LOW
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
CVE-2017-3961 1 Mcafee 1 Network Security Manager 2024-11-21 3.5 LOW 3.5 LOW
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
CVE-2017-3140 2 Isc, Netapp 4 Bind, Data Ontap Edge, Element Software and 1 more 2024-11-21 4.3 MEDIUM 3.7 LOW
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
CVE-2017-2826 2 Debian, Zabbix 2 Debian Linux, Zabbix 2024-11-21 4.3 MEDIUM 3.7 LOW
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.