Search

Search Results (364448 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12786 1 Noviflow 1 Noviware 2025-04-20 N/A
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
CVE-2017-12787 1 Noviflow 1 Noviware 2025-04-20 N/A
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
CVE-2017-12791 1 Saltstack 1 Salt 2025-04-20 N/A
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVE-2017-12792 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.
CVE-2017-12794 1 Djangoproject 1 Django 2025-04-20 N/A
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
CVE-2017-12796 1 Openmrs 1 Openmrs 2025-04-20 N/A
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request.
CVE-2017-12797 1 Mpg123 1 Mpg123 2025-04-20 N/A
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVE-2017-12799 1 Gnu 1 Binutils 2025-04-20 N/A
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
CVE-2017-12800 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 N/A
The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
CVE-2017-12801 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 N/A
The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12802 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 N/A
The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12803 1 Matroska 1 Mkclean 2025-04-20 N/A
The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12809 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 6.5 Medium
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
CVE-2017-12811 1 Stivasoft 1 Phpjabbers Star Rating Script 2025-04-20 N/A
PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.
CVE-2017-12814 2 Microsoft, Perl 2 Windows, Perl 2025-04-20 N/A
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
CVE-2017-12816 1 Kaspersky 1 Internet Security 2025-04-20 9.8 Critical
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
CVE-2017-12817 1 Kaspersky 1 Internet Security 2025-04-20 7.5 High
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.
CVE-2017-12818 1 Sentinel 1 Sentinel Ldk Rte Firmware 2025-04-20 N/A
Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
CVE-2017-12819 1 Sentinel 1 Sentinel Ldk Rte Firmware 2025-04-20 N/A
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
CVE-2017-1282 1 Ibm 1 Content Navigator 2025-04-20 N/A
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760.