Search

Search Results (363337 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14022 1 Rockwellautomation 1 Factorytalk Alarms And Events 2025-04-20 N/A
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate.
CVE-2017-14023 1 Siemens 2 Simatic Pcs7, Simatic Wincc 2025-04-20 4.9 Medium
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.
CVE-2017-14024 1 Schneider-electric 2 Wonderware Indusoft Web Studio, Wonderware Intouch 2025-04-20 N/A
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.
CVE-2017-14025 1 Hitachienergy 2 Fox515t, Fox515t Firmware 2025-04-20 N/A
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.
CVE-2017-14027 1 Korenix 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more 2025-04-20 N/A
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.
CVE-2017-12927 1 Cacti 1 Cacti 2025-04-20 N/A
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
CVE-2017-12928 1 Tecnovision 1 Dlx Spot Player4 2025-04-20 N/A
A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.
CVE-2017-12929 1 Tecnovision 1 Dlx Spot Player4 2025-04-20 N/A
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
CVE-2017-12930 1 Tecnovision 1 Dlx Spot Player4 2025-04-20 N/A
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
CVE-2017-12932 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-20 N/A
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
CVE-2017-12933 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-20 N/A
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
CVE-2017-12934 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-20 N/A
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
CVE-2017-12935 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
CVE-2017-12936 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
CVE-2017-12937 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
CVE-2017-12938 1 Rarlab 1 Unrar 2025-04-20 N/A
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
CVE-2017-12939 2 Microsoft, Unity3d 2 Windows, Unity Editor 2025-04-20 N/A
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.
CVE-2017-12940 1 Rarlab 1 Unrar 2025-04-20 N/A
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
CVE-2017-12941 1 Rarlab 1 Unrar 2025-04-20 N/A
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
CVE-2017-12942 1 Rarlab 1 Unrar 2025-04-20 N/A
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.