Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2750 | 1 Hp | 346 A2w75a, A2w75a Firmware, A2w76a and 343 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions.
|
|||||
| CVE-2017-2674 | 1 Redhat | 1 Jboss Bpm Suite | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
|
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.
|
|||||
| CVE-2017-2669 | 2 Debian, Dovecot | 2 Debian Linux, Dovecot | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
|
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.
|
|||||
| CVE-2017-2658 | 1 Redhat | 2 Jboss Bpm Suite, Jboss Data Virtualization \& Services | 2024-11-21 | 4.3 MEDIUM | 2.6 LOW |
|
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
|
|||||
| CVE-2017-2653 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM |
|
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute.
|
|||||
| CVE-2017-2614 | 1 Redhat | 1 Enterprise Virtualization | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
|
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.
|
|||||
| CVE-2017-2296 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.
|
|||||
| CVE-2017-2158 | 1 Lhaplus Project | 1 Lhaplus | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive.
|
|||||
| CVE-2017-1747 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.
|
|||||
| CVE-2017-1082 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.
|
|||||
| CVE-2017-1081 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.
|
|||||
| CVE-2017-18890 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
|
|||||
| CVE-2017-18889 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.
|
|||||
| CVE-2017-18873 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
|
|||||
| CVE-2017-18867 | 1 Netgear | 10 D6100, D6100 Firmware, D7800 and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.
|
|||||
| CVE-2017-18840 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
|
|||||
| CVE-2017-18803 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.
|
|||||
| CVE-2017-18799 | 1 Netgear | 24 D8500, D8500 Firmware, R6200 and 21 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28.
|
|||||
| CVE-2017-18798 | 1 Netgear | 10 D1500, D1500 Firmware, D500 and 7 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25.
|
|||||
| CVE-2017-18778 | 1 Netgear | 60 D6220, D6220 Firmware, D6400 and 57 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2 ...
Show More |
|||||
| CVE-2017-18763 | 1 Netgear | 28 Jnr1010, Jnr1010 Firmware, Jr6150 and 25 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.42, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.
|
|||||
| CVE-2017-18747 | 1 Netgear | 16 Ex3700, Ex3700 Firmware, Ex3800 and 13 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.
|
|||||
| CVE-2017-18685 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017).
|
|||||
| CVE-2017-18684 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017).
|
|||||
| CVE-2017-18683 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017).
|
|||||
| CVE-2017-18680 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017).
|
|||||
| CVE-2017-18679 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with M(6.0) software. SLocation can cause a system crash via a call to an API that is not implemented. The Samsung ID is SVE-2017-8285 (April 2017).
|
|||||
| CVE-2017-18676 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm chipsets) software. There is an RKP kernel protection bypass (in which unwanted memory mappings may occur) because of a lack of MSR trapping. The Samsung ID is SVE-2016-7901 (April 2017).
|
|||||
| CVE-2017-18674 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with N(7.0) software. The time service (aka Timaservice) allows a kernel panic. The Samsung ID is SVE-2017-8593 (May 2017).
|
|||||
| CVE-2017-18673 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).
|
|||||
| CVE-2017-18667 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017).
|
|||||
| CVE-2017-18648 | 1 Google | 1 Android | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017).
|
|||||
| CVE-2017-18589 | 1 Cookie Project | 1 Cookie | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic.
|
|||||
| CVE-2017-18580 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
|
|||||
| CVE-2017-18574 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
|
|||||
| CVE-2017-18545 | 1 Invite Anyone Project | 1 Invite Anyone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.
|
|||||
| CVE-2017-18509 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appro ...
Show More |
|||||
| CVE-2017-18482 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
|
|||||
| CVE-2017-18475 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
|
|||||
| CVE-2017-18469 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
|
|||||