Total
248911 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9478 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname. | |||||
CVE-2017-8864 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test. | |||||
CVE-2017-5096 | 1 Google | 2 Android, Chrome | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents. | |||||
CVE-2017-9876 | 1 Irfanview | 2 Fpx, Irfanview | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995." | |||||
CVE-2017-14069 | 1 Nexusphp | 1 Nexusphp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. | |||||
CVE-2017-0822 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722. | |||||
CVE-2017-12157 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | |||||
CVE-2017-16903 | 1 Lvyecms Project | 1 Lvyecms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php. | |||||
CVE-2017-1929 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-17670 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation. | |||||
CVE-2017-0696 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120. | |||||
CVE-2017-14932 | 1 Gnu | 1 Binutils | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | |||||
CVE-2017-11862 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allow an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | |||||
CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
CVE-2017-14571 | 1 Stdutility | 1 Stdu Viewer | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706." | |||||
CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |||||
CVE-2015-5209 | 1 Apache | 1 Struts | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | |||||
CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-0783 | 1 Google | 1 Android | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. | |||||
CVE-2016-10362 | 1 Elasticsearch | 1 Output Plugin | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Prior to Logstash version 5.0.1, the Elasticsearch Output plugin, when updating connections after sniffing, would log HTTP basic auth credentials to file. |