New vulnerabilities from the NVD: CVE-2017-17317. Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send a specially crafted message to the affected products. Due to insufficient input validation, a successful exploit may cause some services to become abnormal. Published at: July 02, 2018 at 04:29PM. July 02, 2018 at 06:21PM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-17316. Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages, a successful exploit will cause an out-of-bounds read and some services to become abnormal. Published at: July 02, 2018 at 04:29PM. July 02, 2018 at 06:21PM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-17175. Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station and send a special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages. Published at: July 02, 2018 at 04:29PM. July 02, 2018 at 06:21PM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1314. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1313. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1312. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1306. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1299. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1294. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1293. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1281. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1280. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1277. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1275. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-1250. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124630. Published at: July 03, 2018 at 10:29PM. July 04, 2018 at 12:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-0929. DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. Published at: July 04, 2018 at 12:29AM. July 04, 2018 at 02:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-0921. GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. Published at: July 04, 2018 at 12:29AM. July 04, 2018 at 02:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-0919. GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. Published at: July 04, 2018 at 12:29AM. July 04, 2018 at 02:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-0913. Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization". Published at: July 04, 2018 at 12:29AM. July 04, 2018 at 02:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2017-0912. Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack of sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling". Published at: July 04, 2018 at 12:29AM. July 04, 2018 at 02:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2015-9260. An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI. Published at: July 05, 2018 at 05:29AM. July 05, 2018 at 08:21AM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2016-10545. thor ruby gem suffers from a command injection vulnerability due to the use of `open-uri`'s open() as used in Thor::Actions#get, allowing for execution of system commands. Published at: July 05, 2018 at 07:29PM. July 05, 2018 at 09:53PM via National Vulnerability Database.
New vulnerabilities from the NVD: CVE-2016-10522. rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. Published at: July 05, 2018 at 07:29PM. July 05, 2018 at 09:53PM via National Vulnerability Database.