Search

Search Results (363333 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15894 1 Synology 1 Diskstation Manager 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-15895 1 Synology 1 Router Manager 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-15896 1 Nodejs 1 Node.js 2025-04-20 9.1 Critical
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
CVE-2017-15897 1 Nodejs 1 Node.js 2025-04-20 3.1 Low
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
CVE-2017-15907 1 Phpcollab 1 Phpcollab 2025-04-20 N/A
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
CVE-2017-15908 2 Canonical, Systemd Project 2 Ubuntu Linux, Systemd 2025-04-20 7.5 High
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
CVE-2017-15909 1 Dlink 2 Dgs-1500, Dgs-1500 Firmware 2025-04-20 N/A
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
CVE-2017-1591 1 Ibm 1 Datapower Gateway 2025-04-20 N/A
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368.
CVE-2017-15911 1 Igniterealtime 1 Openfire 2025-04-20 N/A
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application.
CVE-2017-15917 1 Paessler 1 Prtg Network Monitor 2025-04-20 N/A
In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.
CVE-2017-15918 1 Ignitum 1 Sera 2025-04-20 N/A
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
CVE-2017-15919 1 Accesspressthemes 1 Ultimate-form-builder-lite 2025-04-20 N/A
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
CVE-2017-15920 1 Watchdogdevelopment 2 Anti-malware, Online Security Pro 2025-04-20 N/A
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
CVE-2017-15921 1 Watchdogdevelopment 2 Anti-malware, Online Security Pro 2025-04-20 N/A
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
CVE-2017-15922 1 Gnu 1 Libextractor 2025-04-20 N/A
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
CVE-2017-15923 2 Debian, Konversation 2 Debian Linux, Konversation 2025-04-20 N/A
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
CVE-2017-15965 1 Nswd 1 Ns Download Shop 2025-04-20 N/A
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVE-2017-15924 2 Debian, Shadowsocks 2 Debian Linux, Shadowsocks-libev 2025-04-20 N/A
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
CVE-2017-15928 1 Ox Project 1 Ox 2025-04-20 N/A
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.
CVE-2017-1593 1 Ibm 1 Rational Doors Next Generation 2025-04-20 N/A
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494.