Search
CVE ID | CWE ID | CVSS Score | Publish Date | Update Date |
---|---|---|---|---|
CVE-2017-17302 | 119 | 2.1 | 2018-02-15 | 2018-02-27 |
Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific Certificate Revocation List(CRL) configuration files to the devices repeatedly. Due to not release allocated memory properly, successful exploit may result in memory leak and services abnormal. | ||||
CVE-2017-17162 | 399 | 2.1 | 2018-02-15 | 2018-02-26 |
Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. | ||||
CVE-2017-17163 | 119 | 2.1 | 2018-02-15 | 2018-02-26 |
Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by executing some commands. The attacker can exploit this vulnerability to cause a denial of service. | ||||
CVE-2017-17289 | 399 | 2.1 | 2018-02-15 | 2018-02-26 |
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. | ||||
CVE-2017-10689 | 284 | 2.1 | 2018-02-09 | 2018-02-26 |
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. | ||||
CVE-2017-15352 | 284 | 2.9 | 2018-02-15 | 2018-02-24 |
Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal. | ||||
CVE-2016-3952 | 255 | 2.1 | 2018-02-06 | 2018-02-24 |
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. | ||||
CVE-2016-3954 | 200 | 2.1 | 2018-02-06 | 2018-02-24 |
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. | ||||
CVE-2018-5790 | 119 | 2.9 | 2018-02-04 | 2018-02-22 |
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets. | ||||
CVE-2014-1835 | 255 | 2.1 | 2018-02-02 | 2018-02-14 |
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | ||||
CVE-2017-16556 | 20 | 2.1 | 2018-01-16 | 2018-01-31 |
In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations. | ||||
CVE-2017-17429 | 264 | 2.1 | 2018-01-16 | 2018-01-31 |
In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL. | ||||
CVE-2014-3471 | 416 | 2.1 | 2018-01-12 | 2018-01-31 |
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. | ||||
CVE-2017-1681 | 200 | 2.1 | 2018-01-11 | 2018-01-31 |
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003. | ||||
CVE-2014-4991 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2014-4992 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2014-4993 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2014-4994 | 20 | 2.1 | 2018-01-10 | 2018-01-30 |
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. | ||||
CVE-2014-4996 | 59 | 2.1 | 2018-01-10 | 2018-01-30 |
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | ||||
CVE-2014-4997 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2014-4998 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2014-4999 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2014-5000 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2014-5001 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes. | ||||
CVE-2014-5002 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
The lynx gem 0.2.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. | ||||
CVE-2014-5003 | 20 | 2.1 | 2018-01-10 | 2018-01-30 |
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. | ||||
CVE-2014-5004 | 200 | 2.1 | 2018-01-10 | 2018-01-30 |
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2014-1858 | 20 | 2.1 | 2018-01-08 | 2018-01-30 |
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
CVE-2014-1859 | 59 | 2.1 | 2018-01-08 | 2018-01-30 |
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
CVE-2017-1000455 | 346 | 2.1 | 2018-01-02 | 2018-01-30 |
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. | ||||
CVE-2018-2575 | 200 | 2.1 | 2018-01-17 | 2018-01-25 |
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with network access via multiple protocols to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. Note: Applicable only to Windows platform. CVSS 3.0 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | ||||
CVE-2018-2577 | 200 | 2.1 | 2018-01-17 | 2018-01-25 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | ||||
CVE-2018-2580 | 284 | 2.1 | 2018-01-17 | 2018-01-25 |
Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: ADPatch). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | ||||
CVE-2018-2606 | 200 | 2.1 | 2018-01-17 | 2018-01-24 |
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
CVE-2014-8335 | 255 | 2.1 | 2018-01-05 | 2018-01-19 |
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2017-4945 | 284 | 2.1 | 2018-01-05 | 2018-01-19 |
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. | ||||
CVE-2018-0780 | 200 | 2.6 | 2018-01-04 | 2018-01-19 |
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800. | ||||
CVE-2018-5252 | 20 | 2.6 | 2018-01-05 | 2018-01-18 |
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c. | ||||
CVE-2018-0741 | 200 | 2.6 | 2018-01-04 | 2018-01-18 |
The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability". | ||||
CVE-2018-0754 | 200 | 2.1 | 2018-01-04 | 2018-01-18 |
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability". | ||||
CVE-2018-0767 | 200 | 2.6 | 2018-01-04 | 2018-01-17 |
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800. | ||||
CVE-2017-1000485 | 275 | 2.1 | 2018-01-03 | 2018-01-17 |
Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations. | ||||
CVE-2018-0750 | 200 | 2.1 | 2018-01-04 | 2018-01-12 |
The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". | ||||
CVE-2017-1716 | 200 | 2.1 | 2017-12-13 | 2017-12-27 |
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. | ||||
CVE-2017-15529 | 400 | 2.1 | 2017-12-13 | 2017-12-27 |
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. | ||||
CVE-2017-15530 | 200 | 2.1 | 2017-12-13 | 2017-12-27 |
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. | ||||
CVE-2017-11887 | 200 | 2.6 | 2017-12-12 | 2017-12-26 |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919. | ||||
CVE-2017-11906 | 200 | 2.6 | 2017-12-12 | 2017-12-26 |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919. | ||||
CVE-2017-11919 | 200 | 2.6 | 2017-12-12 | 2017-12-26 |
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906. | ||||
CVE-2017-17381 | 369 | 2.1 | 2017-12-06 | 2017-12-22 |
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. |
Facebook Comments