Total
250644 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11235 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-14827 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019. | |||||
CVE-2017-11612 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. | |||||
CVE-2017-7416 | 1 Ntop | 1 Ntopng | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. | |||||
CVE-2017-1000251 | 4 Debian, Linux, Nvidia and 1 more | 10 Debian Linux, Linux Kernel, Jetson Tk1 and 7 more | 2023-12-10 | 7.7 HIGH | 8.0 HIGH |
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. | |||||
CVE-2017-14739 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. | |||||
CVE-2017-1847 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-12330 | 1 Cisco | 1 Nx-os | 2023-12-10 | 4.6 MEDIUM | 6.3 MEDIUM |
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879. | |||||
CVE-2017-1000185 | 1 Swftools | 1 Swftools | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In SWFTools, a memcpy buffer overflow was found in gif2swf. | |||||
CVE-2017-8038 | 1 Pivotal Software | 1 Credhub-release | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation. | |||||
CVE-2017-17869 | 1 Mgl-instagram-gallery Project | 1 Mgl-instagram-gallery | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | |||||
CVE-2017-11170 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. | |||||
CVE-2016-8948 | 1 Ibm | 1 Emptoris Sourcing | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835. | |||||
CVE-2017-11735 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none | |||||
CVE-2015-6531 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | |||||
CVE-2017-16872 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values. | |||||
CVE-2015-5395 | 2 Alinto, Debian | 2 Sogo, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | |||||
CVE-2017-1000151 | 1 Mahara | 1 Mahara | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. | |||||
CVE-2017-13036 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). | |||||
CVE-2017-1000179 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11101. Reason: This candidate is a reservation duplicate of CVE-2017-11101. Notes: All CVE users should reference CVE-2017-11101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |