Total
12227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16237 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | N/A |
| In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C. | ||||
| CVE-2017-16538 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). | ||||
| CVE-2017-16544 | 5 Busybox, Canonical, Debian and 2 more | 8 Busybox, Ubuntu Linux, Debian Linux and 5 more | 2025-04-20 | 8.8 High |
| In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | ||||
| CVE-2017-16547 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | N/A |
| The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-16691 | 1 Sap | 1 Business Application Software Integrated Solution | 2025-04-20 | N/A |
| SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted. | ||||
| CVE-2017-15270 | 1 Psftp | 1 Psftpd | 2025-04-20 | N/A |
| The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log. | ||||
| CVE-2017-15308 | 1 Huawei | 1 Ireader | 2025-04-20 | N/A |
| Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run. | ||||
| CVE-2017-15310 | 1 Huawei | 1 Ireader | 2025-04-20 | N/A |
| Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card. | ||||
| CVE-2017-15322 | 1 Huawei | 2 Baggio-l03a, Baggio-l03a Firmware | 2025-04-20 | N/A |
| Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash. | ||||
| CVE-2017-1541 | 1 Ibm | 1 Aix | 2025-04-20 | N/A |
| A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. | ||||
| CVE-2017-1556 | 1 Ibm | 1 Api Connect | 2025-04-20 | N/A |
| IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546. | ||||
| CVE-2017-15591 | 1 Xen | 1 Xen | 2025-04-20 | N/A |
| An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. | ||||
| CVE-2017-15651 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
| PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message. | ||||
| CVE-2017-15879 | 1 Keystonejs | 1 Keystone | 2025-04-20 | N/A |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | ||||
| CVE-2017-14741 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. | ||||
| CVE-2017-14771 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2025-04-20 | N/A |
| Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application. | ||||
| CVE-2017-14908 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify. | ||||
| CVE-2017-14909 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated. | ||||
| CVE-2017-14935 | 1 Pulsesecure | 1 Pulse One On-premise | 2025-04-20 | N/A |
| Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | ||||
| CVE-2017-14944 | 1 Inedo | 1 Proget | 2025-04-20 | N/A |
| Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | ||||