Search

Search Results (363315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2385 1 Apple 1 Safari 2025-04-20 N/A
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.
CVE-2017-2386 1 Apple 3 Iphone Os, Safari, Tvos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2017-2387 1 Apple 1 Apple Music 2025-04-20 N/A
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2388 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2017-2389 1 Apple 2 Iphone Os, Safari 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.
CVE-2017-2390 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.
CVE-2017-3152 1 Apache 1 Atlas 2025-04-20 N/A
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
CVE-2017-17784 3 Canonical, Debian, Gimp 3 Ubuntu Linux, Debian Linux, Gimp 2025-04-20 7.8 High
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
CVE-2017-17785 3 Canonical, Debian, Gimp 3 Ubuntu Linux, Debian Linux, Gimp 2025-04-20 7.8 High
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
CVE-2017-17786 3 Canonical, Debian, Gimp 3 Ubuntu Linux, Debian Linux, Gimp 2025-04-20 7.8 High
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
CVE-2017-17787 3 Canonical, Debian, Gimp 3 Ubuntu Linux, Debian Linux, Gimp 2025-04-20 7.8 High
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
CVE-2017-17788 3 Canonical, Debian, Gimp 3 Ubuntu Linux, Debian Linux, Gimp 2025-04-20 5.5 Medium
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
CVE-2017-17789 3 Canonical, Debian, Gimp 3 Ubuntu Linux, Debian Linux, Gimp 2025-04-20 7.8 High
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
CVE-2017-17790 2 Redhat, Ruby-lang 3 Enterprise Linux, Rhel Software Collections, Ruby 2025-04-20 N/A
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
CVE-2017-17792 1 Blogotext Project 1 Blogotext 2025-04-20 N/A
Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment.
CVE-2017-17793 1 Blogotext Project 1 Blogotext 2025-04-20 N/A
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).
CVE-2017-17794 1 Blogotext Project 1 Blogotext 2025-04-20 N/A
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field.
CVE-2017-17795 1 Ikarussecurity 1 Anti.virus 2025-04-20 N/A
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088.
CVE-2017-17796 1 Tgsoft 1 Vir.it Explorer Lite 2025-04-20 N/A
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4.
CVE-2017-17797 1 Ikarussecurity 1 Anti.virus 2025-04-20 N/A
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058.