Search

Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7422 1 Microfocus 2 Enterprise Developer, Enterprise Server 2025-04-20 N/A
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.
CVE-2017-7423 1 Microfocus 2 Enterprise Developer, Enterprise Server 2025-04-20 N/A
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.
CVE-2017-7424 1 Microfocus 2 Enterprise Developer, Enterprise Server 2025-04-20 N/A
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.
CVE-2017-7425 1 Netiq 1 Imanager 2025-04-20 N/A
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
CVE-2017-7430 2 Netiq, Novell 2 Imanager, Imanager 2025-04-20 N/A
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
CVE-2017-7431 2 Netiq, Novell 2 Imanager, Imanager 2025-04-20 N/A
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
CVE-2017-7432 2 Netiq, Novell 2 Imanager, Imanager 2025-04-20 N/A
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
CVE-2017-7433 1 Micro Focus 1 Vibe 2025-04-20 N/A
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).
CVE-2017-7439 1 Netapp 1 Oncommand Unified Manager Core Package 2025-04-20 N/A
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
CVE-2017-7440 3 Apple, Gfi, Microsoft 4 Macos, Kerio Connect, Kerio Connect Client and 1 more 2025-04-20 6.5 Medium
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.
CVE-2017-7441 1 Sophos 1 Hitmanpro 2025-04-20 N/A
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.
CVE-2017-7442 1 Gonitro 1 Nitro Pro 2025-04-20 N/A
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
CVE-2017-7443 2 Apt-cacher-ng Project, Apt-cacher Project 2 Apt-cacher-ng, Apt-cacher 2025-04-20 N/A
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
CVE-2017-7444 1 Veritas 1 System Recovery 2025-04-20 N/A
In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.
CVE-2017-7448 1 Dropbox 1 Lepton 2025-04-20 N/A
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.
CVE-2017-7450 1 Airtame 2 Hdmi Dongle, Hdmi Dongle Firmware 2025-04-20 N/A
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.
CVE-2017-7452 1 Entropymine 1 Imageworsener 2025-04-20 N/A
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2017-7453 1 Entropymine 1 Imageworsener 2025-04-20 N/A
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2017-7454 1 Entropymine 1 Imageworsener 2025-04-20 N/A
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2017-7455 1 Moxa 1 Mxview 2025-04-20 N/A
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.