|
|
Security Vulnerabilities Published
In December 2017 (CVSS score >= 7)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2017-16370 |
125 |
|
|
2017-12-09 |
2017-12-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. |
|
252 |
CVE-2017-16368 |
119 |
|
Exec Code Overflow |
2017-12-09 |
2017-12-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory. |
|
253 |
CVE-2017-16367 |
704 |
|
Overflow Mem. Corr. +Info |
2017-12-09 |
2017-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack. |
|
254 |
CVE-2017-16365 |
125 |
|
+Info |
2017-12-09 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. |
|
255 |
CVE-2017-16364 |
119 |
|
Overflow |
2017-12-09 |
2017-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. |
|
256 |
CVE-2017-16363 |
125 |
|
+Info |
2017-12-09 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. |
|
257 |
CVE-2017-16362 |
125 |
|
Mem. Corr. +Info |
2017-12-09 |
2017-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. |
|
258 |
CVE-2017-16360 |
416 |
|
Exec Code Mem. Corr. +Info |
2017-12-09 |
2017-12-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. |
|
259 |
CVE-2017-15944 |
|
|
Exec Code |
2017-12-11 |
2020-02-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. |
|
260 |
CVE-2017-15940 |
77 |
|
Exec Code |
2017-12-11 |
2020-02-17 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
|
261 |
CVE-2017-15876 |
434 |
|
|
2017-12-19 |
2018-01-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. |
|
262 |
CVE-2017-15875 |
89 |
|
Exec Code Sql |
2017-12-19 |
2018-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. |
|
263 |
CVE-2017-15870 |
|
|
+Priv |
2017-12-11 |
2020-02-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." |
|
264 |
CVE-2017-15868 |
20 |
|
+Priv |
2017-12-05 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. |
|
265 |
CVE-2017-15813 |
119 |
|
Overflow |
2017-12-05 |
2017-12-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs. |
|
266 |
CVE-2017-15708 |
74 |
|
Exec Code |
2017-12-11 |
2022-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version. |
|
267 |
CVE-2017-15702 |
|
|
|
2017-12-01 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected. |
|
268 |
CVE-2017-15607 |
22 |
|
Dir. Trav. |
2017-12-01 |
2017-12-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. |
|
269 |
CVE-2017-15324 |
20 |
|
|
2017-12-22 |
2018-01-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. |
|
270 |
CVE-2017-15320 |
125 |
|
|
2017-12-22 |
2018-01-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. |
|
271 |
CVE-2017-15319 |
125 |
|
|
2017-12-22 |
2018-01-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. |
|
272 |
CVE-2017-15318 |
125 |
|
|
2017-12-22 |
2018-01-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. |
|
273 |
CVE-2017-15317 |
125 |
|
|
2017-12-22 |
2018-01-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart. |
|
274 |
CVE-2017-15316 |
415 |
|
Exec Code |
2017-12-22 |
2018-01-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. |
|
275 |
CVE-2017-15103 |
20 |
|
Exec Code |
2017-12-18 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. |
|
276 |
CVE-2017-15049 |
78 |
|
Exec Code |
2017-12-19 |
2021-05-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. |
|
277 |
CVE-2017-14969 |
787 |
|
|
2017-12-20 |
2018-01-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114. |
|
278 |
CVE-2017-14968 |
20 |
|
|
2017-12-20 |
2018-01-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113. |
|
279 |
CVE-2017-14967 |
20 |
|
|
2017-12-20 |
2018-01-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080. |
|
280 |
CVE-2017-14966 |
20 |
|
|
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0. |
|
281 |
CVE-2017-14965 |
20 |
|
|
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc. |
|
282 |
CVE-2017-14964 |
20 |
|
|
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c. |
|
283 |
CVE-2017-14963 |
20 |
|
|
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058. |
|
284 |
CVE-2017-14962 |
787 |
|
|
2017-12-20 |
2018-01-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-17112. |
|
285 |
CVE-2017-14918 |
416 |
|
|
2017-12-05 |
2017-12-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur. |
|
286 |
CVE-2017-14917 |
119 |
|
Overflow |
2017-12-05 |
2017-12-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. |
|
287 |
CVE-2017-14916 |
119 |
|
Overflow |
2017-12-05 |
2017-12-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. |
|
288 |
CVE-2017-14914 |
20 |
|
|
2017-12-05 |
2017-12-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale. |
|
289 |
CVE-2017-14909 |
20 |
|
|
2017-12-05 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated. |
|
290 |
CVE-2017-14908 |
20 |
|
|
2017-12-05 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify. |
|
291 |
CVE-2017-14907 |
|
|
|
2017-12-05 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key. |
|
292 |
CVE-2017-14904 |
416 |
|
|
2017-12-05 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer. |
|
293 |
CVE-2017-14897 |
119 |
|
Overflow |
2017-12-05 |
2017-12-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space. |
|
294 |
CVE-2017-14895 |
672 |
|
|
2017-12-05 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information. |
|
295 |
CVE-2017-14855 |
|
|
DoS |
2017-12-30 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. |
|
296 |
CVE-2017-14590 |
|
|
Exec Code |
2017-12-13 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. |
|
297 |
CVE-2017-14380 |
269 |
|
|
2017-12-13 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. |
|
298 |
CVE-2017-14374 |
798 |
|
|
2017-12-06 |
2017-12-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). |
|
299 |
CVE-2017-14355 |
|
|
|
2017-12-05 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. |
|
300 |
CVE-2017-14091 |
345 |
|
|
2017-12-16 |
2017-12-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. |
Total number of vulnerabilities : 444
Page :
1
2
3
4
5
6
(This Page) 7
8
9
|
|
