Export limit exceeded: 10052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364939 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11472 1 Linux 1 Linux Kernel 2025-04-20 N/A
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVE-2017-11473 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2025-04-20 7.8 High
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
CVE-2017-11474 1 Glpi-project 1 Glpi 2025-04-20 N/A
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
CVE-2017-11475 1 Glpi-project 1 Glpi 2025-04-20 N/A
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
CVE-2017-11478 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
CVE-2017-11479 2 Elastic, Elasticsearch 2 Kibana, Kibana 2025-04-20 N/A
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
CVE-2017-1148 1 Ibm 1 Openpages Grc Platform 2025-04-20 N/A
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.
CVE-2017-11480 1 Elasticsearch 1 Packetbeat 2025-04-20 N/A
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.
CVE-2017-11481 1 Elastic 1 Kibana 2025-04-20 N/A
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
CVE-2017-11482 1 Elastic 1 Kibana 2025-04-20 N/A
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
CVE-2017-11494 1 Sol-connect 2 Sol.connect Iset-mpp Meter, Sol.connect Iset-mpp Meter Firmware 2025-04-20 N/A
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
CVE-2017-11495 1 Phicomm 2 K2\(psg1218\), K2\(psg1218\)-firmware 2025-04-20 N/A
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
CVE-2017-11496 1 Gemalto 1 Sentinel Ldk Rte 2025-04-20 N/A
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.
CVE-2017-11497 1 Gemalto 1 Sentinel Ldk Rte 2025-04-20 N/A
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.
CVE-2017-11498 1 Gemalto 1 Sentinel Ldk Rte 2025-04-20 N/A
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.
CVE-2017-11499 2 Nodejs, Redhat 2 Node.js, Rhel Software Collections 2025-04-20 N/A
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
CVE-2017-1150 1 Ibm 1 Db2 2025-04-20 N/A
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.
CVE-2017-11500 1 Metinfo 1 Metinfo 2025-04-20 7.5 High
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
CVE-2017-11501 1 Nixos Project 1 Nixos 2025-04-20 N/A
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.
CVE-2017-11502 1 Cisco 2 Dpc3928ad Docsis Wireless Router, Dpc3928ad Docsis Wireless Router Firmware 2025-04-20 N/A
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.