U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 240,799 matching records.
Displaying matches 145,761 through 145,780.
Vuln ID Summary CVSS Severity
CVE-2017-1739

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921.

Published: January 11, 2018; 12:29:00 PM -0500
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-1681

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.

Published: January 11, 2018; 12:29:00 PM -0500
V4.0:(not available)
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2017-1478

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.

Published: January 11, 2018; 12:29:00 PM -0500
V4.0:(not available)
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2018-5189

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-18016

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2017-15637

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15636

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15635

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15634

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15633

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15632

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15631

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15630

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15629

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15628

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15627

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15626

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15625

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15624

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-15623

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.

Published: January 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH