ReportizFlow
Filtered by vendor
Subscriptions
Total
12627 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8981 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found. | ||||
| CVE-2017-8977 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2024-11-21 | N/A |
| A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | ||||
| CVE-2017-8976 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | ||||
| CVE-2017-8975 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | ||||
| CVE-2017-8973 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | N/A |
| An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | ||||
| CVE-2017-8972 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | N/A |
| A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | ||||
| CVE-2017-8971 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | N/A |
| A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | ||||
| CVE-2017-8969 | 1 Hp | 1 Insight Control | 2024-11-21 | N/A |
| An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found. | ||||
| CVE-2017-8957 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||||
| CVE-2017-8956 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||||
| CVE-2017-8955 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||||
| CVE-2017-8954 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||||
| CVE-2017-8341 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. | ||||
| CVE-2017-8330 | 1 Securifi | 6 Almond, Almond\+, Almond\+firmware and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in crashing the process. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "miniupnpd" is the one that has the vulnerable function that receives the values sent by the SOAP request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function WscDevPutMessage at address 0x0041DBB8 in IDA pro is identified to be receiving the values sent in the SOAP request. The SOAP parameter "NewInMesage" received at address 0x0041DC30 causes the miniupnpd process to finally crash when a second request is sent to the same process. | ||||
| CVE-2017-8164 | 1 Huawei | 18 Eva-al10, Eva-al10 Firmware, Eva-cl00 and 15 more | 2024-11-21 | N/A |
| Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable. | ||||
| CVE-2017-8046 | 3 Pivotal Software, Redhat, Vmware | 3 Spring Data Rest, Jboss Fuse, Spring Boot | 2024-11-21 | N/A |
| Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | ||||
| CVE-2017-7838 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57. | ||||
| CVE-2017-7837 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. | ||||
| CVE-2017-7833 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57. | ||||
| CVE-2017-7832 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57. | ||||