Search

Search Results (364647 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12819 1 Sentinel 1 Sentinel Ldk Rte Firmware 2025-04-20 N/A
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
CVE-2017-1282 1 Ibm 1 Content Navigator 2025-04-20 N/A
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760.
CVE-2017-12820 1 Sentinel 1 Sentinel Ldk Rte Firmware 2025-04-20 N/A
Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
CVE-2017-12821 1 Sentinel 1 Sentinel Ldk Rte Firmware 2025-04-20 N/A
Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.
CVE-2017-12822 1 Sentinel 1 Sentinel Ldk Rte Firmware 2025-04-20 N/A
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
CVE-2017-12823 1 Kaspersky 1 Embedded Systems Security 2025-04-20 N/A
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.
CVE-2017-12824 1 Inpage 1 Inpage 2025-04-20 N/A
Special crafted InPage document leads to arbitrary code execution in InPage reader.
CVE-2017-1283 1 Ibm 1 Websphere Mq 2025-04-20 N/A
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.
CVE-2017-12836 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Cvs 2025-04-20 N/A
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
CVE-2017-12837 1 Perl 1 Perl 2025-04-20 N/A
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
CVE-2017-12838 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.
CVE-2017-1284 1 Ibm 1 Websphere Mq 2025-04-20 N/A
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.
CVE-2017-12840 1 Deslock 1 Deslock\+ 2025-04-20 N/A
A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present due to the kernel driver failing to allocate sufficient memory on the kernel heap to contain a user supplied string as such the string is copied into a buffer of constant size (0x1000-bytes) and thus an overflow condition results. Access to the kernel driver is permitted through an obfuscated interface whereby bytes of user supplied message are "authenticated" via an obfuscation routine employing a linear equation.
CVE-2017-12843 2 Cyrusimap, Fedoraproject 2 Cyrus Imap, Fedora 2025-04-20 N/A
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
CVE-2017-12844 1 Icewarp 1 Mail Server 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
CVE-2017-12847 1 Nagios 1 Nagios 2025-04-20 N/A
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
CVE-2017-12849 1 Silverstripe 1 Silverstripe 2025-04-20 N/A
Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
CVE-2017-1285 1 Ibm 1 Websphere Mq 2025-04-20 N/A
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.
CVE-2017-12850 1 Kanboard 1 Kanboard 2025-04-20 N/A
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVE-2017-12851 1 Kanboard 1 Kanboard 2025-04-20 N/A
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.