Search

Search Results (363502 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1613 1 Ibm 1 Connections 2025-04-20 N/A
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.
CVE-2017-16227 2 Debian, Quagga 2 Debian Linux, Quagga 2025-04-20 N/A
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
CVE-2017-16228 1 Dulwich Project 1 Dulwich 2025-04-20 N/A
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
CVE-2017-16230 1 Typecho 1 Typecho 2025-04-20 N/A
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit.
CVE-2017-16239 2 Openstack, Redhat 2 Nova, Openstack 2025-04-20 N/A
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
CVE-2017-16237 1 Tgsoft 1 Vir.it Explorer 2025-04-20 N/A
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
CVE-2017-16241 1 Amag 6 En-1dbc, En-1dbc Firmware, En-2dbc and 3 more 2025-04-20 N/A
Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.
CVE-2017-16244 1 Octobercms 1 October 2025-04-20 N/A
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
CVE-2017-16248 1 Catalyst-plugin-static-simple Project 1 Catalyst-plugin-static-simple 2025-04-20 N/A
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.
CVE-2017-16249 1 Brother 2 Dcp-j132w, Dcp-j132w Firmware 2025-04-20 N/A
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
CVE-2017-1628 1 Ibm 1 Business Process Manager 2025-04-20 N/A
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.
CVE-2017-1631 1 Ibm 1 Jazz For Service Management 2025-04-20 N/A
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.
CVE-2017-1632 1 Ibm 1 Sterling File Gateway 2025-04-20 N/A
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178.
CVE-2017-1635 1 Ibm 1 Tivoli Monitoring 2025-04-20 N/A
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.
CVE-2017-16352 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
CVE-2017-16353 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
CVE-2017-16355 2 Debian, Phusion 2 Debian Linux, Passenger 2025-04-20 4.7 Medium
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
CVE-2017-16357 1 Radare 1 Radare2 2025-04-20 N/A
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
CVE-2017-16358 1 Radare 1 Radare2 2025-04-20 N/A
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
CVE-2017-16359 1 Radare 1 Radare2 2025-04-20 N/A
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.