Search

Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7623 1 Entropymine 1 Imageworsener 2025-04-20 N/A
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2017-7624 1 Entropymine 1 Imageworsener 2025-04-20 N/A
The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2017-7625 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
CVE-2017-7626 1 Smart Related Articles Project 1 Smart Related Articles 2025-04-20 N/A
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
CVE-2017-7627 1 Smart Related Articles Project 1 Smart Related Articles 2025-04-20 N/A
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).
CVE-2017-7628 1 Smart Related Articles Project 1 Smart Related Articles 2025-04-20 N/A
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
CVE-2017-7629 1 Qnap 1 Qts 2025-04-20 N/A
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
CVE-2017-7642 1 Hashicorp 1 Vagrant Vmware Fusion 2025-04-20 N/A
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
CVE-2017-7643 1 Proxifier 1 Proxifier 2025-04-20 7.8 High
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
CVE-2017-7644 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541.
CVE-2017-7646 1 Solarwinds 1 Log \& Event Manager 2025-04-20 N/A
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.
CVE-2017-7647 1 Solarwinds 1 Log \& Event Manager 2025-04-20 N/A
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.
CVE-2017-7648 1 Foscam 12 C1, C1 Lite, C2 and 9 more 2025-04-20 N/A
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2017-7649 1 Eclipse 1 Kura 2025-04-20 N/A
The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.
CVE-2017-7650 2 Debian, Eclipse 2 Debian Linux, Mosquitto 2025-04-20 N/A
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.
CVE-2017-7659 2 Apache, Redhat 2 Http Server, Rhel Software Collections 2025-04-20 N/A
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.
CVE-2017-7660 1 Apache 1 Solr 2025-04-20 N/A
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.
CVE-2017-7661 1 Apache 1 Cxf Fediz 2025-04-20 N/A
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.
CVE-2017-7662 1 Apache 1 Cxf Fediz 2025-04-20 N/A
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
CVE-2017-7663 1 Apache 1 Openmeetings 2025-04-20 N/A
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.