Total
1094 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17524 | 1 Swi-prolog | 1 Swi-prolog | 2024-08-05 | N/A |
| library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | ||||
| CVE-2017-17534 | 1 Mensis Project | 1 Mensis | 2024-08-05 | N/A |
| uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. | ||||
| CVE-2017-17531 | 1 Gnu | 1 Global | 2024-08-05 | N/A |
| gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | ||||
| CVE-2017-17516 | 1 Reddit Terminal Viewer Project | 1 Reddit Terminal Viewer | 2024-08-05 | N/A |
| scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | ||||
| CVE-2017-17513 | 1 Tug | 1 Tex Live | 2024-08-05 | N/A |
| TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. | ||||
| CVE-2017-16719 | 1 Moxa | 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more | 2024-08-05 | N/A |
| An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device. | ||||
| CVE-2017-14523 | 1 Wondercms | 1 Wondercms | 2024-08-05 | N/A |
| WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack | ||||
| CVE-2017-14094 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-05 | N/A |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | ||||
| CVE-2017-9861 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2024-08-05 | N/A |
| An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | ||||
| CVE-2017-10963 | 1 Samsung | 2 Knox Enterprise Mobility Management, Knox Identity Access Management | 2024-08-05 | N/A |
| In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world. | ||||
| CVE-2017-9133 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2024-08-05 | N/A |
| An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user. | ||||
| CVE-2017-9135 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2024-08-05 | N/A |
| An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that does not properly sanitize user input, allowing an attacker to execute shell commands as the root user. | ||||
| CVE-2017-8809 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-05 | N/A |
| api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. | ||||
| CVE-2017-8458 | 1 Brave | 1 Brave | 2024-08-05 | N/A |
| Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. | ||||
| CVE-2017-7846 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-08-05 | N/A |
| It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | ||||
| CVE-2017-7848 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-08-05 | N/A |
| RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | ||||
| CVE-2017-7788 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. | ||||
| CVE-2017-7703 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. | ||||
| CVE-2017-7459 | 1 Ntop | 1 Ntopng | 2024-08-05 | N/A |
| ntopng before 3.0 allows HTTP Response Splitting. | ||||
| CVE-2017-7239 | 1 Ninka Project | 1 Ninka | 2024-08-05 | N/A |
| Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | ||||