Total
83407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2825 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
| In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. | |||||
| CVE-2017-2815 | 1 Igniterealtime | 1 User Import Export | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability. | |||||
| CVE-2017-2812 | 1 Kakadusoftware | 1 Kakadu Sdk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise. | |||||
| CVE-2017-2811 | 1 Kakadusoftware | 1 Kakadu Sdk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise. | |||||
| CVE-2017-2804 | 1 Corel | 1 Coreldraw Photo Paint X8 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. | |||||
| CVE-2017-2803 | 1 Corel | 1 Coreldraw Photo Paint X8 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version. | |||||
| CVE-2017-2802 | 1 Dell | 1 Precision Optimizer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. | |||||
| CVE-2017-2795 | 1 Marklogic | 1 Marklogic | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH |
| An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | |||||
| CVE-2017-2792 | 1 Marklogic | 1 Marklogic | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH |
| An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability. | |||||
| CVE-2017-2777 | 1 Iceni | 1 Argus | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability. | |||||
| CVE-2017-2748 | 1 Hp | 1 Isaac Mizrahi Smartwatch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue. | |||||
| CVE-2017-2747 | 1 Hp | 44 110, 110 Firmware, 310 and 41 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers. | |||||
| CVE-2017-2742 | 1 Hp | 1 Web Jetadmin | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service. | |||||
| CVE-2017-2740 | 1 Hp | 1 Thinpro | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device. | |||||
| CVE-2017-2670 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | |||||
| CVE-2017-2667 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Hammer Cli | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. | |||||
| CVE-2017-2663 | 1 Redhat | 1 Subscription-manager | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
| It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack. | |||||
| CVE-2017-2652 | 1 Jenkins | 1 Distributed Fork | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes. | |||||
| CVE-2017-2650 | 1 Jenkins | 1 Pipeline Classpath Step | 2024-11-21 | 6.0 MEDIUM | 8.5 HIGH |
| It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins. | |||||
| CVE-2017-2649 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks. | |||||