Total
291504 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10790 | 1 Gnu | 1 Libtasn1 | 2025-04-20 | N/A |
| The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. | ||||
| CVE-2017-10793 | 2 Att, Commscope | 3 U-verse Firmware, Arris Nvg589, Arris Nvg599 | 2025-04-20 | N/A |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. | ||||
| CVE-2017-10794 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | N/A |
| When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. | ||||
| CVE-2017-10798 | 1 Objectplanet | 1 Opinio | 2025-04-20 | N/A |
| In ObjectPlanet Opinio before 7.6.4, there is XSS. | ||||
| CVE-2017-10799 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | N/A |
| When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). | ||||
| CVE-2017-10800 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | N/A |
| When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. | ||||
| CVE-2017-10801 | 1 Phpsocial | 1 Phpsocial | 2025-04-20 | N/A |
| phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. | ||||
| CVE-2017-10803 | 1 Odoo | 1 Odoo | 2025-04-20 | N/A |
| In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used. | ||||
| CVE-2017-10804 | 1 Odoo | 1 Odoo | 2025-04-20 | N/A |
| In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used. | ||||
| CVE-2017-10807 | 1 Jabberd2 | 1 Jabberd2 | 2025-04-20 | N/A |
| JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | ||||
| CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2025-04-20 | N/A |
| Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-10812 | 1 Nttdocomo | 1 Photo Collection Pc Software | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-10813 | 1 Corega | 2 Wlr 300 Nm, Wlr 300 Nm Firmware | 2025-04-20 | N/A |
| CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-9370 | 1 Blackberry | 1 Workspaces | 2025-04-20 | N/A |
| An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server. | ||||
| CVE-2017-10816 | 1 Intercom | 1 Malion | 2025-04-20 | 9.8 Critical |
| SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. | ||||
| CVE-2017-10817 | 1 Intercom | 1 Malion | 2025-04-20 | 9.8 Critical |
| MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. | ||||
| CVE-2017-10818 | 1 Intercom | 1 Malion | 2025-04-20 | 9.8 Critical |
| MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. | ||||
| CVE-2017-10819 | 1 Intercom | 1 Malion | 2025-04-20 | 5.9 Medium |
| MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. | ||||
| CVE-2017-10820 | 1 Ipa | 1 Ip Messenger | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-1000192 | 1 Cygnux | 1 Syspass | 2025-04-20 | N/A |
| Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information. | ||||