Total
29922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15365 | 3 Fedoraproject, Mariadb, Percona | 3 Fedora, Mariadb, Xtradb Cluster | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. | |||||
| CVE-2017-15340 | 1 Huawei | 2 Tag-al00, Tag-al00 Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure. | |||||
| CVE-2017-15136 | 1 Redhat | 1 Satellite | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates. | |||||
| CVE-2017-15130 | 3 Canonical, Debian, Dovecot | 3 Ubuntu Linux, Debian Linux, Dovecot | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. | |||||
| CVE-2017-15127 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). | |||||
| CVE-2017-15107 | 1 Thekelleys | 1 Dnsmasq | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. | |||||
| CVE-2017-14906 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs. | |||||
| CVE-2017-14803 | 1 Netiq | 1 Access Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system. | |||||
| CVE-2017-14593 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability | |||||
| CVE-2017-14592 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. | |||||
| CVE-2017-14473 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and print it out in HEX. | |||||
| CVE-2017-14472 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password. | |||||
| CVE-2017-14471 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Codes: 0023, 002e, and 0037 Fault Type: Recoverable Description: The STI, EII, and HSC function files contain bits signifying whether or not a fault has occurred. Additionally there is a bit signaling the module to auto start. When these bits are set for any of the three modules and the device is moved into a run state, a fault is triggered. | |||||
| CVE-2017-14470 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. NOTE: This is not possible through RSLogix. | |||||
| CVE-2017-14469 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix. | |||||
| CVE-2017-14468 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware. | |||||
| CVE-2017-14467 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used. | |||||
| CVE-2017-14466 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file. | |||||
| CVE-2017-14465 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC. | |||||
| CVE-2017-14464 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed. | |||||