Total
12760 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10923 | 1 Xen | 1 Xen | 2025-04-20 | N/A |
| Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. | ||||
| CVE-2017-10953 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030. | ||||
| CVE-2017-11027 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability. | ||||
| CVE-2017-11098 | 1 Swftools | 1 Swftools | 2025-04-20 | N/A |
| When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. | ||||
| CVE-2017-11099 | 1 Swftools | 1 Swftools | 2025-04-20 | N/A |
| When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. | ||||
| CVE-2017-11177 | 1 Websense | 1 Triton Ap Email | 2025-04-20 | N/A |
| TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. | ||||
| CVE-2017-11183 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | ||||
| CVE-2017-11342 | 1 Libsass | 1 Libsass | 2025-04-20 | N/A |
| There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2017-11346 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-20 | N/A |
| Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | ||||
| CVE-2017-11360 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | ||||
| CVE-2017-11393 | 1 Trendmicro | 1 Officescan | 2025-04-20 | N/A |
| Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543. | ||||
| CVE-2017-11402 | 1 Belden | 2 Tofino Xenon Security Appliance, Tofino Xenon Security Appliance Firmware | 2025-04-20 | N/A |
| An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift. | ||||
| CVE-2017-11411 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. | ||||
| CVE-2017-11450 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 8.8 High |
| coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | ||||
| CVE-2017-11461 | 1 Netapp | 1 Oncommand Unified Manager | 2025-04-20 | N/A |
| NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. | ||||
| CVE-2017-11495 | 1 Phicomm | 2 K2\(psg1218\), K2\(psg1218\)-firmware | 2025-04-20 | N/A |
| PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | ||||
| CVE-2017-11522 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||||
| CVE-2017-11523 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. | ||||
| CVE-2017-11555 | 1 Libsass | 1 Libsass | 2025-04-20 | N/A |
| There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | ||||
| CVE-2017-11665 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | ||||