Total
318328 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18020 | 1 Samsung | 1 Samsung Mobile | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598. | |||||
| CVE-2017-18019 | 1 K7computing | 1 Total Security | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer. | |||||
| CVE-2017-18016 | 1 Parity | 1 Browser | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin). | |||||
| CVE-2017-18015 | 1 Wp-unit | 1 Share This Image | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter. | |||||
| CVE-2017-18014 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request. | |||||
| CVE-2017-18013 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. | |||||
| CVE-2017-18012 | 1 Z-url Preview Project | 1 Z-url Preview | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter. | |||||
| CVE-2017-18011 | 1 Clickbank | 1 Affiliate Ads For Clickbank Products | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter. | |||||
| CVE-2017-18010 | 1 E-goi | 1 Smart Marketing Sms And Newsletters Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter. | |||||
| CVE-2017-18009 | 1 Opencv | 1 Opencv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. | |||||
| CVE-2017-18008 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. | |||||
| CVE-2017-17999 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | |||||
| CVE-2017-17996 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the SyncBreeze Enterprise server and possibly remote command execution with SYSTEM privilege. | |||||
| CVE-2017-17976 | 1 Perfexcrm | 1 Perfex Crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | |||||
| CVE-2017-17972 | 1 Archon Project | 1 Archon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?subjecttypeid=xxx request, aka Open Bug Bounty ID OBB-466362. | |||||
| CVE-2017-17970 | 1 Muvikoscript | 1 Muviko | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php. | |||||
| CVE-2017-17947 | 1 Pulsesecure | 1 Pulse Connect Secure | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal. | |||||
| CVE-2017-17946 | 1 Novosoft | 1 Handy Password | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action. | |||||
| CVE-2017-17945 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | |||||
| CVE-2017-17944 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | |||||