Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15107 | 1 Thekelleys | 1 Dnsmasq | 2019-12-11 | N/A |
| A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. | ||||
| CVE-2018-1243 | 1 Dell | 4 Idrac6 Firmware, Idrac7 Firmware, Idrac8 Firmware and 1 more | 2019-10-09 | N/A |
| Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks. | ||||
| CVE-2018-0268 | 1 Cisco | 1 Digital Network Architecture Center | 2019-10-09 | N/A |
| A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253. | ||||
| CVE-2017-6032 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2019-10-09 | N/A |
| A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. | ||||
| CVE-2017-2612 | 1 Jenkins | 1 Jenkins | 2019-10-09 | N/A |
| In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. | ||||
| CVE-2017-2604 | 1 Jenkins | 1 Jenkins | 2019-10-09 | N/A |
| In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371). | ||||
| CVE-2017-15105 | 3 Canonical, Debian, Nlnetlabs | 3 Ubuntu Linux, Debian Linux, Unbound | 2019-10-09 | N/A |
| A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. | ||||
| CVE-2017-15091 | 1 Powerdns | 1 Authoritative | 2019-10-09 | N/A |
| An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. | ||||
| CVE-2017-12303 | 1 Cisco | 1 Asyncos | 2019-10-09 | N/A |
| A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943. | ||||
| CVE-2016-10834 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | ||||
| CVE-2016-10825 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | ||||
| CVE-2018-20934 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | ||||
| CVE-2017-7177 | 1 Openinfosecfoundation | 1 Suricata | 2018-12-05 | N/A |
| Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. | ||||
| CVE-2017-15662 | 1 Flexense | 1 Vx Search | 2018-02-01 | N/A |
| In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123. | ||||
| CVE-2017-15663 | 1 Flexense | 1 Disk Pulse | 2018-02-01 | N/A |
| In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120. | ||||
| CVE-2017-15664 | 1 Flexense | 1 Syncbreeze | 2018-02-01 | N/A |
| In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121. | ||||
| CVE-2017-15665 | 1 Flexense | 1 Diskboss | 2018-02-01 | N/A |
| In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094. | ||||
| CVE-2017-8152 | 1 Huawei | 2 Honor 5s, Honor 5s Firmware | 2017-12-11 | N/A |
| Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings. | ||||
| CVE-2014-4843 | 1 Ibm | 1 Curam Social Program Management | 2017-06-15 | N/A |
| Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | ||||