CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-15941 Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is confi... | N/A | NONE | — | 0 |
| CVE-2017-16878 Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspec... | N/A | NONE | — | 0 |
| CVE-2017-17662 Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed o... | N/A | NONE | — | 0 |
| CVE-2017-17841 Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to dec... | N/A | NONE | — | 0 |
| CVE-2017-18023 Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. | N/A | NONE | — | 0 |
| CVE-2017-18024 AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. | N/A | NONE | — | 0 |
| CVE-2017-3765 In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in... | N/A | NONE | — | 0 |
| CVE-2017-11069 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow. | N/A | NONE | — | 0 |
| CVE-2017-12189 It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This iss... | N/A | NONE | — | 0 |
| CVE-2017-15847 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. | N/A | NONE | — | 0 |
| CVE-2017-15849 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resultin... | N/A | NONE | — | 0 |
| CVE-2017-17946 A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action. | N/A | NONE | — | 0 |
| CVE-2017-11003 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that ... | N/A | NONE | — | 0 |
| CVE-2017-11066 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed. | N/A | NONE | — | 0 |
| CVE-2017-11079 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due ... | N/A | NONE | — | 0 |
| CVE-2017-11080 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occ... | N/A | NONE | — | 0 |
| CVE-2017-11081 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and... | N/A | NONE | — | 0 |
| CVE-2017-14869 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage. | N/A | NONE | — | 0 |
| CVE-2017-14870 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can pot... | N/A | NONE | — | 0 |
| CVE-2017-15848 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potenti... | N/A | NONE | — | 0 |
| CVE-2017-15850 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. | N/A | NONE | — | 0 |
| CVE-2017-9689 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption. | N/A | NONE | — | 0 |
| CVE-2017-9705 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in... | N/A | NONE | — | 0 |
| CVE-2017-9712 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-r... | N/A | NONE | — | 0 |
| CVE-2018-0001 A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the c... | N/A | NONE | — | 0 |
| CVE-2018-0002 On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash.... | N/A | NONE | — | 0 |
| CVE-2018-5991 SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. | N/A | NONE | — | 0 |
| CVE-2018-0003 A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is acce... | N/A | NONE | — | 0 |
| CVE-2018-0004 A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsys... | N/A | NONE | — | 0 |
| CVE-2018-0005 QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended con... | N/A | NONE | — | 0 |
| CVE-2018-0006 A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to... | N/A | NONE | — | 0 |
| CVE-2018-0007 An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improp... | N/A | NONE | — | 0 |
| CVE-2018-0008 An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under... | N/A | NONE | — | 0 |
| CVE-2018-0009 On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been bloc... | N/A | NONE | — | 0 |
| CVE-2018-0010 A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. A... | N/A | NONE | — | 0 |
| CVE-2018-0011 A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a sessi... | N/A | NONE | — | 0 |
| CVE-2018-0012 Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. | N/A | NONE | — | 0 |
| CVE-2018-0013 A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system. | N/A | NONE | — | 0 |
| CVE-2018-0014 Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CV... | N/A | NONE | — | 0 |
| CVE-2018-5332 In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds... | 7.8 | HIGH | — | 0 |
| CVE-2018-5333 In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL p... | N/A | NONE | — | 0 |
| CVE-2018-0118 A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a u... | N/A | NONE | — | 0 |
| CVE-2017-1740 IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a... | N/A | NONE | — | 0 |
| CVE-2017-4949 VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNA... | N/A | NONE | — | 0 |
| CVE-2017-4950 VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute c... | N/A | NONE | — | 0 |
| CVE-2012-6667 Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter i... | N/A | NONE | — | 0 |
| CVE-2014-0087 The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authoriza... | N/A | NONE | — | 0 |
| CVE-2014-5068 Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) b... | 7.5 | HIGH | — | 0 |
| CVE-2014-5070 Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | 8.8 | HIGH | — | 0 |
| CVE-2017-15613 TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.