CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | HP Printers Wi-Fi Direct Improper Access Control | 03.02.2017 | Neseso |
| High | Motorola Bootloader Unlocking | 16.04.2013 | Dan Rosenberg |
| Low | Multiple Sourcefire Products Static Web SSL Keys Vulnerability | 18.06.2010 | ZDI |
| High | Consona Products - Multiple vulnerabilities | 23.05.2010 | wintercore |
| High | Intel *45 *35 chipset - txt attack | 26.12.2009 | Joanna Rutkowska |
| Med. | Adobe Photoshop Elements 8.0 Active File Monitor Local Elevation Of Privileges | 02.10.2009 | nine:situations:group:... |
| High | Medium security hole in TekRADIUS | 11.07.2009 | Tim Brown |
| High | Univeral HTTP Image/File Upload ActiveX Remote File Deletion | 09.04.2009 | t0pP8uZz |
| High | Chipmunk Blog (Auth Bypass) Add Admin Exploit | 05.02.2009 | x0r |
| Med. | bug in OpenSSH (Still in FreeBSD-STABLE) | 04.08.2008 | Dag-Erling Smorgrav |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|------|------|-----|---------|-------------|
| 2018-07-24 | Medium | CVE-2017-3210 | Vendor: Fujitsu; Software: Displayview ... | Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. |
| 2018-07-06 | Medium | CVE-2018-5892 | Vendor: Qualcomm; Software: Mdm9206 firmware | The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. |
| 2018-06-01 | Medium | CVE-2018-5524 | Vendor: F5; Software: Big-ip acces... | Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. |
| 2018-05-10 | Medium | CVE-2018-1115 | Vendor: Postgresql; Software: Postgresql | PostgreSQL before versions 10.4, 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. |
| 2018-05-02 | Medium | CVE-2018-0262 | Vendor: Cisco; Software: Meeting server | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469. |
| 2018-04-20 | Medium | CVE-2017-2825 | Vendor: Debian; Software: Debian linux | In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. |
| 2018-04-19 | Medium | CVE-2018-0275 | Vendor: Cisco; Software: Identity ser... | A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409. |
| 2018-04-18 | High | CVE-2015-9197 | Vendor: Qualcomm; Software: Mdm9206 firmware | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, when enabling XPUs for SMEM partitions, if configuration values are out of range, memory access outside the SMEM may occur and set incorrect XPU configurations. |
| | Medium | CVE-2016-10446 | Vendor: Qualcomm; Software: Mdm9206 firmware | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, and SD 835, incorrect configuration of the OCIMEM MPU may provide NonSecure Software access to OCIMEM memory used by TZ. |
| 2018-02-15 | Medium | CVE-2017-12550 | Vendor: HP; Software: System manag... | A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |


Copyright 2018, cxsecurity.com

 
