Total
32233 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2825 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. | |||||
CVE-2017-2747 | 1 Hp | 44 110, 110 Firmware, 310 and 41 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers. | |||||
CVE-2017-2742 | 1 Hp | 1 Web Jetadmin | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service. | |||||
CVE-2017-2741 | 1 Hp | 76 D3q15a, D3q15a Firmware, D3q15b and 73 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code. | |||||
CVE-2017-2740 | 1 Hp | 1 Thinpro | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device. | |||||
CVE-2017-2664 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. | |||||
CVE-2017-2663 | 1 Redhat | 1 Subscription-manager | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack. | |||||
CVE-2017-2650 | 1 Jenkins | 1 Pipeline Classpath Step | 2024-11-21 | 6.0 MEDIUM | 8.5 HIGH |
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins. | |||||
CVE-2017-2602 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358). | |||||
CVE-2017-2589 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2024-11-21 | 6.0 MEDIUM | 8.7 HIGH |
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | |||||
CVE-2017-2375 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 3.3 LOW |
An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud. | |||||
CVE-2017-2293 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. | |||||
CVE-2017-20179 | 1 Instedd | 1 Pollit | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The patch is named 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507. | |||||
CVE-2017-20178 | 1 Codiad | 1 Codiad | 2024-11-21 | 2.1 LOW | 3.1 LOW |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2017-20112 | 1 Ivpn | 1 Ivpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2017-20111 | 1 Calabrio | 1 Teleopti Workforce Management | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
CVE-2017-20110 | 1 Calabrio | 1 Teleopti Workforce Management | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
CVE-2017-20038 | 1 Sicunet | 1 Access Control | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. | |||||
CVE-2017-20037 | 1 Sicunet | 1 Access Control | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. | |||||
CVE-2017-20031 | 1 Phplist | 1 Phplist | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |