Total
246917 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6705 | 1 Jamroom | 1 Jamroom | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | |||||
| CVE-2017-13098 | 1 Bouncycastle | 1 Legion-of-the-bouncy-castle-java-crytography-api | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." | |||||
| CVE-2017-17740 | 4 Mcafee, Openldap, Opensuse and 1 more | 4 Policy Auditor, Openldap, Leap and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. | |||||
| CVE-2017-7038 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | |||||
| CVE-2017-14123 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp. | |||||
| CVE-2017-7079 | 1 Apple | 1 Itunes | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app. | |||||
| CVE-2017-1855 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
| CVE-2017-17498 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-8663 | 1 Microsoft | 1 Outlook | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability" | |||||
| CVE-2017-14244 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. | |||||
| CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 13 Debian Linux, Fedora, Ntp and 10 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | |||||
| CVE-2017-12149 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data. | |||||
| CVE-2017-9128 | 1 Libquicktime | 1 Libquicktime | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. | |||||
| CVE-2017-11154 | 1 Synology | 1 Photo Station | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | |||||
| CVE-2017-11127 | 1 Bolt | 1 Bolt Cms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | |||||
| CVE-2017-3193 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
| Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | |||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | |||||
| CVE-2017-1262 | 1 Ibm | 1 Security Guardium | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737. | |||||
| CVE-2017-14844 | 1 Dasinfomedia | 1 Wpgym Gym Management System | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||||
| CVE-2017-14415 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | |||||