Total: 31907 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-0009 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series. | |||||
CVE-2018-0003 | 1 Juniper | 1 Junos | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-9967 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) were not properly configured, resulting in weak security. | |||||
CVE-2017-9966 | 1 Schneider-electric | 1 Pelco Videoxpert | 2024-11-21 | 7.1 HIGH | 7.1 HIGH |
A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level. | |||||
CVE-2017-9317 | 1 Dahuasecurity | 12 Ipc-hdbw4xxx, Ipc-hdbw4xxx Firmware, Ipc-hdbw5xxx and 9 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Privilege escalation vulnerability found in some Dahua IP devices. An attacker in possession of a low-privilege account can gain access to the credential information of a high-privilege account and further obtain device information or attack the device. | |||||
CVE-2017-9286 | 1 Opensuse | 1 Leap | 2024-11-21 | 9.0 HIGH | 7.8 HIGH |
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. | |||||
CVE-2017-9277 | 1 Novell | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 4.2 MEDIUM |
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | |||||
CVE-2017-9267 | 1 Novell | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
In Novell eDirectory before 9.0.3.1, the LDAP interface was not strictly enforcing cipher restrictions, allowing weaker ciphers to be used during SSL BIND operations. | |||||
CVE-2017-9001 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable. | |||||
CVE-2017-8992 | 1 Hp | 1 Centralview Fraud Risk Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
CVE-2017-8990 | 1 Hp | 1 Imc Wireless Service Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version. | |||||
CVE-2017-8988 | 1 Hp | 1 Xp Command View | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software earlier than 8.5.3-00. The vulnerability impacts DevMgr earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX). | |||||
CVE-2017-8987 | 1 Hp | 2 Integrated Lights-out, Integrated Lights-out 3 Firmware | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
An Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions. | |||||
CVE-2017-8984 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found. | |||||
CVE-2017-8982 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. | |||||
CVE-2017-8979 | 1 Hp | 2 Integrated Lights-out, Integrated Lights-out 2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. | |||||
CVE-2017-8974 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found. | |||||
CVE-2017-8968 | 1 Hp | 1 Restful Interface Tool | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions. | |||||
CVE-2017-8960 | 1 Hp | 4 Msa 1040 San Storage, Msa 1040 San Storage Firmware, Msa 2040 San Storage and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage in version GL220P008 and earlier was found. | |||||
CVE-2017-8959 | 1 Hp | 4 Msa 1040 San Storage, Msa 1040 San Storage Firmware, Msa 2040 San Storage and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier was found. |