Search

Search Results (365297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9610 1 Artifex 1 Ghostscript Ghostxps 2025-04-20 N/A
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9611 2 Artifex, Debian 2 Ghostscript, Debian Linux 2025-04-20 7.8 High
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9612 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2025-04-20 N/A
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9613 1 Sap 1 Successfactors 2025-04-20 N/A
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
CVE-2017-9614 1 D.r.commander 1 Libjpeg-turbo 2025-04-20 8.8 High
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API
CVE-2017-9615 1 Cognito 1 Moneyworks 2025-04-20 N/A
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
CVE-2017-9616 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.
CVE-2017-9617 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
CVE-2017-9618 1 Artifex 1 Ghostscript Ghostxps 2025-04-20 N/A
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9619 1 Artifex 1 Ghostscript Ghostxps 2025-04-20 N/A
The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file.
CVE-2017-9620 1 Artifex 1 Ghostscript Ghostxps 2025-04-20 N/A
The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.
CVE-2017-9621 1 Epesi 1 Epesi 2025-04-20 6.1 Medium
Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter.
CVE-2017-9622 1 Epesi 1 Epesi 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.
CVE-2017-9623 1 Epesi 1 Epesi 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.
CVE-2017-9624 1 Epesi 1 Epesi 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data.
CVE-2017-9625 1 Envitech 1 Envidas Ultimate 2025-04-20 N/A
An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.
CVE-2017-9627 1 Schneider-electric 1 Wonderware Archestra Logger 2025-04-20 8.6 High
An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.
CVE-2017-9628 1 Saia Burgess Controls 2 Pcd Controllers, Pcd Controllers Firmware 2025-04-20 N/A
An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents.
CVE-2017-9629 1 Schneider-electric 1 Wonderware Archestra Logger 2025-04-20 9.8 Critical
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.
CVE-2017-9630 1 Pdqinc 22 Laserjet, Laserjet Firmware, Laserwash 360 and 19 more 2025-04-20 N/A
An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The web server does not properly verify that provided authentication information is correct.