CWE:
 

Topic
Date
Author
Low
HP Wireless Mouse Spoofing Issue
17.05.2017
SySS GmbH
Med.
Microsoft Wireless Desktop 2000 Insufficent Verification / Mouse Spoofing
30.07.2016
SySS
Med.
Samsung SW Update Tool 2.2.5.16 Man-In-The-Middle
11.03.2016
CORE


CVEMAP Search Results

CVE
Details
Description
2018-08-10
Low
CVE-2018-10626

Vendor: Medtronic
Software: Mycarelink 2...
 

 
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.

 
2018-07-24
Low
CVE-2017-3224

Vendor: Quagga
Software: Quagga
 

 
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).

 
2018-06-08
Low
CVE-2017-1405

Vendor: IBM
Software: Security ide...
 

 
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.

 
2018-04-13
Medium
CVE-2018-10080

Vendor: Secutech project
Software: Ris-11 firmware
 

 
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.

 
2018-01-31
Low
CVE-2017-1773

Vendor: IBM
Software: Datapower ga...
 

 
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.

 
2017-12-25
Low
CVE-2017-12740

Updating...
 

 
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.

 
2017-12-15
High
CVE-2017-14091

Vendor: Trendmicro
Software: Scanmail
 

 
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.

 
2017-11-22
Low
CVE-2017-8201

Vendor: Huawei
Software: Max presence...
 

 
MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.

 
Low
CVE-2017-2701

Vendor: Huawei
Software: Mate 9 firmware
 

 
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system unavailable.

 
2017-08-10
Low
CVE-2017-7674

Vendor: Apache
Software: Tomcat
 

 
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top