Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15524 1 Kemptechnologies 1 Web Application Firewall 2025-04-20 N/A
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.
CVE-2017-15525 1 Symantec 1 Endpoint Encryption 2025-04-20 N/A
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
CVE-2017-15526 1 Symantec 1 Endpoint Encryption 2025-04-20 N/A
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.
CVE-2017-15527 1 Symantec 1 Management Console 2025-04-20 N/A
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.
CVE-2017-15528 1 Norton 1 Install Norton Security 2025-04-20 3.7 Low
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.
CVE-2017-15529 1 Symantec 1 Norton Family 2025-04-20 N/A
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.
CVE-2017-1553 1 Ibm 1 Infosphere Biginsights 2025-04-20 N/A
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397.
CVE-2017-15530 1 Symantec 1 Norton Family 2025-04-20 N/A
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.
CVE-2017-15532 1 Symantec 1 Messaging Gateway 2025-04-20 N/A
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
CVE-2017-15535 1 Mongodb 1 Mongodb 2025-04-20 N/A
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
CVE-2017-15537 1 Linux 1 Linux Kernel 2025-04-20 N/A
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
CVE-2017-15538 1 Ilias 1 Ilias 2025-04-20 N/A
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
CVE-2017-15539 1 Zorovavi\/blog Project 1 Zorovavi\/blog 2025-04-20 N/A
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
CVE-2017-1554 1 Ibm 1 Infosphere Biginsights 2025-04-20 N/A
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398.
CVE-2017-1555 1 Ibm 1 Api Connect 2025-04-20 N/A
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
CVE-2017-1556 1 Ibm 1 Api Connect 2025-04-20 N/A
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.
CVE-2017-15565 2 Debian, Freedesktop 2 Debian Linux, Poppler 2025-04-20 N/A
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
CVE-2017-15566 1 Schedmd 1 Slurm 2025-04-20 N/A
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
CVE-2017-15567 1 Idemia 2 Mso 1300, Mso 1300 Firmware 2025-04-20 N/A
The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK
CVE-2017-15687 1 Logitech 1 Media Server 2025-04-20 N/A
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.