Vulnerabilities (CVE)

Filtered by CWE-417
Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9855 3 Libreoffice, Microsoft, Opensuse 3 Libreoffice, Windows, Leap 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.
CVE-2019-14318 1 Cryptopp 1 Crypto\+\+ 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.
CVE-2018-8929 1 Synology 1 Ssl Vpn Client 2024-11-21 6.8 MEDIUM 7.3 HIGH
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.
CVE-2018-6556 4 Canonical, Linuxcontainers, Opensuse and 1 more 6 Ubuntu Linux, Lxc, Leap and 3 more 2024-11-21 2.1 LOW 3.3 LOW
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
CVE-2018-5254 1 Arista 1 Eos 2024-11-21 5.0 MEDIUM 7.5 HIGH
Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.
CVE-2018-14900 1 Epson 2 Wf-2750, Wf-2750 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.
CVE-2018-13906 1 Qualcomm 104 Ipq4019, Ipq4019 Firmware, Ipq8074 and 101 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
CVE-2017-8822 2 Debian, Tor Project 2 Debian Linux, Tor 2024-11-21 4.3 MEDIUM 3.7 LOW
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.
CVE-2017-7760 2 Microsoft, Mozilla 3 Windows, Firefox, Firefox Esr 2024-11-21 4.6 MEDIUM 7.8 HIGH
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
CVE-2017-7480 1 Rootkit Hunter Project 1 Rootkit Hunter 2024-11-21 7.5 HIGH 9.8 CRITICAL
rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.
CVE-2017-6520 1 Bose 1 Soundtouch 30 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
CVE-2017-3969 1 Mcafee 1 Network Security Manager 2024-11-21 4.3 MEDIUM 8.2 HIGH
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
CVE-2017-2712 1 Huawei 2 S3300, S3300 Firmware 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping.
CVE-2017-1000197 1 Octobercms 1 October 2024-11-21 7.5 HIGH 9.8 CRITICAL
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
CVE-2016-9879 2 Ibm, Vmware 2 Websphere Application Server, Spring Security 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.