Total
247027 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11281 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. | |||||
CVE-2016-8964 | 1 Ibm | 2 Bigfix Inventory, License Metric Tool | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. | |||||
CVE-2017-16521 | 1 Inedo | 1 Buildmaster | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | |||||
CVE-2017-5093 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | |||||
CVE-2017-1374 | 1 Ibm | 1 Tririga Application Platform | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. | |||||
CVE-2017-11056 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kernel space potentially leading to a page fault. | |||||
CVE-2017-5695 | 1 Intel | 14 Ssd 540s 2.5\", Ssd 540s 2.5\" Firmware, Ssd 540s M.2 and 11 more | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors. | |||||
CVE-2017-0316 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges. | |||||
CVE-2017-17439 | 2 Debian, Heimdal Project | 2 Debian Linux, Heimdal | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. | |||||
CVE-2017-9906 | 1 Xnview | 1 Xnview | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508." | |||||
CVE-2017-9533 | 1 Irfanview | 2 Fpx, Irfanview | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!DE_Decode+0x0000000000000a9b." | |||||
CVE-2017-2034 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-17599 | 1 Advance Online Learning Management Script Project | 1 Advance Online Learning Management Script | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | |||||
CVE-2017-10789 | 1 Dbd-mysql Project | 1 Dbd-mysql | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. | |||||
CVE-2017-13682 | 1 Symantec | 1 Encryption Desktop | 2023-12-10 | 2.3 LOW | 5.7 MEDIUM |
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. | |||||
CVE-2015-7691 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
CVE-2017-14013 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2023-12-10 | 6.8 MEDIUM | 5.6 MEDIUM |
A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user. | |||||
CVE-2017-2816 | 2 Debian, Libofx Project | 2 Debian Linux, Libofx | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. | |||||
CVE-2017-11007 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash. | |||||
CVE-2017-0295 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability". |