Total
28625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13162 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036. | |||||
| CVE-2017-3529 | 1 Oracle | 1 Mysql | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-13167 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993. | |||||
| CVE-2017-16615 | 1 Mlalchemy Project | 1 Mlalchemy | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. | |||||
| CVE-2017-10223 | 1 Oracle | 1 Hospitality Materials Control | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2017-16776 | 1 Mckesson | 1 Conserus Workflow Intelligence | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users. | |||||
| CVE-2018-5267 | 1 Cobham | 2 Sea Tel 121, Sea Tel 121 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. | |||||
| CVE-2017-16380 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt. | |||||
| CVE-2017-12600 | 1 Opencv | 1 Opencv | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. | |||||
| CVE-2017-10905 | 1 Qt | 1 Qt | 2024-02-28 | 6.8 MEDIUM | 5.3 MEDIUM |
| A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. | |||||
| CVE-2017-0705 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
| A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898. | |||||
| CVE-2017-1504 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. | |||||
| CVE-2017-10151 | 1 Oracle | 1 Identity Manager | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-10030 | 1 Oracle | 1 Business Intelligence Publisher | 2024-02-28 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2017-9977 | 2 Apple, Avg | 2 Macos, Anti-virus | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. | |||||
| CVE-2017-10404 | 1 Oracle | 1 Hospitality Reporting And Analytics | 2024-02-28 | 6.5 MEDIUM | 9.9 CRITICAL |
| Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). | |||||
| CVE-2017-1235 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. | |||||
| CVE-2018-0793 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791. | |||||
| CVE-2017-15628 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file. | |||||
| CVE-2017-1468 | 1 Ibm | 2 Infosphere Information Server, Softlayer | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467. | |||||