Total
247131 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9245 | 1 Google | 1 News And Weather | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. | |||||
CVE-2017-0763 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. | |||||
CVE-2017-17604 | 1 Entrepreneur Bus Booking Script Project | 1 Entrepreneur Bus Booking Script | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | |||||
CVE-2017-2131 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. | |||||
CVE-2017-12362 | 1 Cisco | 1 Meeting Server | 2023-12-10 | 7.8 HIGH | 6.5 MEDIUM |
A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931. | |||||
CVE-2017-10680 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | |||||
CVE-2017-7009 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "IOUSBFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2017-7920 | 1 Abb | 4 Vsn300, Vsn300 Firmware, Vsn300 For React and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating. | |||||
CVE-2017-8605 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
CVE-2017-1905 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-8770 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. | |||||
CVE-2016-7469 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. | |||||
CVE-2017-8557 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". | |||||
CVE-2017-15865 | 2 Cumulusnetworks, Frrouting | 2 Cumulus Linux, Frrouting | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). | |||||
CVE-2017-12475 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |||||
CVE-2017-6762 | 1 Cisco | 1 Jabber Guest | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve09718. | |||||
CVE-2017-9923 | 1 Irfanview | 2 Irfanview, Tools | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceTypesInternal+0x0000000000000589." | |||||
CVE-2016-6914 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | |||||
CVE-2017-9208 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. |