Total
246910 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1946 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2016-9987 | 1 Ibm | 1 Jazz Reporting Service | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553. | |||||
CVE-2017-10019 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2023-12-10 | 4.3 MEDIUM | 7.4 HIGH |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N). | |||||
CVE-2017-12909 | 1 Nexusphp Project | 1 Nexusphp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
CVE-2016-6121 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383. | |||||
CVE-2017-15985 | 1 Readymadeb2bscript | 1 Basic B2b Script | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. | |||||
CVE-2017-1000209 | 1 Nv-websocket-client Project | 1 Nv-websocket-client | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. | |||||
CVE-2017-16919 | 1 Mapos Project | 1 Mapos | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description parameter. | |||||
CVE-2017-11290 | 1 Adobe | 1 Connect | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks. | |||||
CVE-2017-11679 | 1 Hashtopus Project | 1 Hashtopus | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | |||||
CVE-2017-8280 | 1 Google | 1 Android | 2023-12-10 | 5.1 MEDIUM | 7.0 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. | |||||
CVE-2017-12373 | 1 Cisco | 10 Adaptive Security Appliance 5505, Adaptive Security Appliance 5505 Firmware, Adaptive Security Appliance 5510 and 7 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652. | |||||
CVE-2017-1000207 | 1 Swagger | 2 Swagger-codegen, Swagger-parser | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. | |||||
CVE-2017-0286 | 1 Microsoft | 3 Office, Windows 7, Windows Server 2008 | 2023-12-10 | 1.9 LOW | 5.0 MEDIUM |
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | |||||
CVE-2017-10962 | 1 Project-redcap | 1 Redcap | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
REDCap before 7.5.1 has XSS via the query string. | |||||
CVE-2017-10662 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2017-7523 | 1 Cygwin | 1 Cygwin | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string. | |||||
CVE-2017-1993 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-16881 | 1 Symphony Project | 1 Symphony | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. | |||||
CVE-2017-11628 | 1 Php | 1 Php | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. |