ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2017-12061 | An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Som... | S | |
CVE-2017-12062 | An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field... | E S | |
CVE-2017-12064 | The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows a... | S | |
CVE-2017-12065 | spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the ... | S | |
CVE-2017-12066 | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remot... | S | |
CVE-2017-12067 | Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.... | | |
CVE-2017-12068 | The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php ... | E | |
CVE-2017-12069 | An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and... | S | |
CVE-2017-12070 | Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.... | | |
CVE-2017-12071 | Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before... | | |
CVE-2017-12072 | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before ... | | |
CVE-2017-12073 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2017-12074 | Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server b... | | |
CVE-2017-12075 | Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-2373... | | |
CVE-2017-12076 | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskSt... | | |
CVE-2017-12077 | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router... | | |
CVE-2017-12078 | Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 al... | | |
CVE-2017-12079 | Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo St... | | |
CVE-2017-12080 | An information exposure vulnerability in default HTTP configuration file in Synology Photo Station b... | | |
CVE-2017-12081 | An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open... | E | |
CVE-2017-12082 | An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender... | E | |
CVE-2017-12083 | An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Dis... | E | |
CVE-2017-12084 | A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmwa... | E | |
CVE-2017-12085 | An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specia... | E | |
CVE-2017-12086 | An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the ... | E | |
CVE-2017-12087 | An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A s... | E | |
CVE-2017-12088 | An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bra... | E | |
CVE-2017-12089 | An exploitable denial of service vulnerability exists in the program download functionality of Allen... | E | |
CVE-2017-12090 | An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the ... | E | |
CVE-2017-12091 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14462, CVE-2017-14463, CVE-... | R | |
CVE-2017-12092 | An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley M... | E M | |
CVE-2017-12093 | An exploitable insufficient resource pool vulnerability exists in the session communication function... | E | |
CVE-2017-12094 | An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmwa... | E | |
CVE-2017-12095 | An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running f... | E | |
CVE-2017-12096 | An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access P... | E | |
CVE-2017-12097 | An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the de... | E | |
CVE-2017-12098 | An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of th... | E | |
CVE-2017-12099 | An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Bl... | E | |
CVE-2017-12100 | An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender op... | E | |
CVE-2017-12101 | An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of th... | E | |
CVE-2017-12102 | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.... | E | |
CVE-2017-12103 | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.... | E | |
CVE-2017-12104 | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.... | E | |
CVE-2017-12105 | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.... | E | |
CVE-2017-12106 | A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photolin... | E | |
CVE-2017-12107 | A memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoli... | | |
CVE-2017-12108 | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls... | E | |
CVE-2017-12109 | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls... | E | |
CVE-2017-12110 | An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A s... | | |
CVE-2017-12111 | An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A speci... | | |
CVE-2017-12112 | An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JS... | E | |
CVE-2017-12113 | An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's J... | E | |
CVE-2017-12114 | An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON... | E | |
CVE-2017-12115 | An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum... | E | |
CVE-2017-12116 | An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum'... | E | |
CVE-2017-12117 | An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON... | E | |
CVE-2017-12118 | An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-... | E | |
CVE-2017-12119 | An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. S... | E | |
CVE-2017-12120 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-81... | E | |
CVE-2017-12121 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-81... | E | |
CVE-2017-12122 | An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2... | | |
CVE-2017-12123 | An exploitable clear text transmission of password vulnerability exists in the web server and telnet... | E | |
CVE-2017-12124 | An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-81... | E | |
CVE-2017-12125 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-81... | E | |
CVE-2017-12126 | An exploitable cross-site request forgery vulnerability exists in the web server functionality of Mo... | E | |
CVE-2017-12127 | A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 b... | E | |
CVE-2017-12128 | An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa... | E | |
CVE-2017-12129 | An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality ... | E | |
CVE-2017-12130 | An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017... | E | |
CVE-2017-12131 | The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as... | E | |
CVE-2017-12132 | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS suppo... | S | |
CVE-2017-12133 | Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library ... | | |
CVE-2017-12134 | The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest u... | S | |
CVE-2017-12135 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive in... | S | |
CVE-2017-12136 | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrato... | S | |
CVE-2017-12137 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related t... | S | |
CVE-2017-12138 | XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php becaus... | | |
CVE-2017-12139 | XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdoc... | | |
CVE-2017-12140 | The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error lea... | S | |
CVE-2017-12141 | In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in... | S | |
CVE-2017-12142 | In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c,... | | |
CVE-2017-12143 | In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_qu... | S | |
CVE-2017-12144 | In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allow... | | |
CVE-2017-12145 | In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c... | S | |
CVE-2017-12146 | The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allo... | S | |
CVE-2017-12148 | A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tow... | | |
CVE-2017-12149 | In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was foun... | KEV | |
CVE-2017-12150 | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "... | S | |
CVE-2017-12151 | A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encr... | M | |
CVE-2017-12152 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2017-12153 | A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in... | S | |
CVE-2017-12154 | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure... | S | |
CVE-2017-12155 | A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.clie... | S | |
CVE-2017-12156 | Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.... | S | |
CVE-2017-12157 | In Moodle 3.x, various course reports allow teachers to view details about users in the groups they ... | S | |
CVE-2017-12158 | It was found that Keycloak would accept a HOST header URL in the admin console and use it to determi... | | |
CVE-2017-12159 | It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An... | | |
CVE-2017-12160 | It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh ... | | |
CVE-2017-12161 | It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry ... | S | |
CVE-2017-12163 | An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, ... | S | |
CVE-2017-12164 | A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean dur... | S | |
CVE-2017-12165 | It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with ... | | |
CVE-2017-12166 | OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerabili... | S | |
CVE-2017-12167 | It was found in EAP 7 before 7.0.9 that properties based files of the management and the application... | | |
CVE-2017-12168 | The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows... | S | |
CVE-2017-12169 | It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System... | | |
CVE-2017-12170 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due ... | | |
CVE-2017-12171 | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comme... | | |
CVE-2017-12172 | PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x bef... | | |
CVE-2017-12173 | It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requ... | S | |
CVE-2017-12174 | It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroup... | | |
CVE-2017-12175 | Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter a... | E | |
CVE-2017-12176 | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection functio... | S | |
CVE-2017-12177 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function al... | S | |
CVE-2017-12178 | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowin... | S | |
CVE-2017-12179 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer f... | S | |
CVE-2017-12180 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing mal... | S | |
CVE-2017-12181 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malici... | S | |
CVE-2017-12182 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malici... | S | |
CVE-2017-12183 | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X... | S | |
CVE-2017-12184 | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious... | S | |
CVE-2017-12185 | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing m... | S | |
CVE-2017-12186 | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicio... | E S | |
CVE-2017-12187 | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X... | S | |
CVE-2017-12188 | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not ... | S | |
CVE-2017-12189 | It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platfor... | S | |
CVE-2017-12190 | The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 d... | S | |
CVE-2017-12191 | A flaw was found in the CloudForms account configuration when using VMware. By default, a shared acc... | S | |
CVE-2017-12192 | The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Lin... | S | |
CVE-2017-12193 | The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4... | S | |
CVE-2017-12194 | A flaw was found in the way spice-client processed certain messages sent from the server. An attacke... | | |
CVE-2017-12195 | A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An a... | | |
CVE-2017-12196 | undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Diges... | | |
CVE-2017-12197 | It was found that libpam4j up to and including 1.8 did not properly validate user accounts when auth... | | |
CVE-2017-12199 | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admi... | E | |
CVE-2017-12200 | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually ... | | |
CVE-2017-12211 | A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IO... | | |
CVE-2017-12212 | A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remot... | | |
CVE-2017-12213 | A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on... | M | |
CVE-2017-12214 | A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential r... | | |
CVE-2017-12215 | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email... | | |
CVE-2017-12216 | A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated,... | | |
CVE-2017-12217 | A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler... | | |
CVE-2017-12218 | A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of C... | | |
CVE-2017-12219 | A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA... | | |
CVE-2017-12220 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could all... | | |
CVE-2017-12221 | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticat... | | |
CVE-2017-12222 | A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, a... | | |
CVE-2017-12223 | A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software ... | | |
CVE-2017-12224 | A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting S... | | |
CVE-2017-12225 | A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an a... | | |
CVE-2017-12226 | A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wir... | | |
CVE-2017-12227 | A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authentic... | | |
CVE-2017-12228 | A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Ci... | | |
CVE-2017-12229 | A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through... | | |
CVE-2017-12230 | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authent... | | |
CVE-2017-12231 | A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IO... | KEV | |
CVE-2017-12232 | A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation ... | KEV | |
CVE-2017-12233 | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Ci... | KEV | |
CVE-2017-12234 | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Ci... | KEV | |
CVE-2017-12235 | A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) ... | KEV | |
CVE-2017-12236 | A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3... | | |
CVE-2017-12237 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6... | KEV | |
CVE-2017-12238 | A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Ci... | KEV | |
CVE-2017-12239 | A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Ser... | | |
CVE-2017-12240 | The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnera... | KEV | |
CVE-2017-12243 | A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Nex... | | |
CVE-2017-12244 | A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software ... | | |
CVE-2017-12245 | A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could al... | | |
CVE-2017-12246 | A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Securit... | | |
CVE-2017-12248 | A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow ... | | |
CVE-2017-12249 | A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (C... | | |
CVE-2017-12250 | A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allo... | | |
CVE-2017-12251 | A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an au... | | |
CVE-2017-12252 | A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local at... | | |
CVE-2017-12253 | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote atta... | | |
CVE-2017-12254 | A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthentic... | | |
CVE-2017-12255 | A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacke... | | |
CVE-2017-12256 | A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Applian... | | |
CVE-2017-12257 | A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, ... | | |
CVE-2017-12258 | A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthent... | | |
CVE-2017-12259 | A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Sm... | | |
CVE-2017-12260 | A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Sm... | | |
CVE-2017-12261 | A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessib... | | |
CVE-2017-12262 | A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Con... | | |
CVE-2017-12263 | A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticate... | | |
CVE-2017-12264 | A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, r... | | |
CVE-2017-12265 | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Sof... | | |
CVE-2017-12266 | A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an ... | | |
CVE-2017-12267 | A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wi... | | |
CVE-2017-12268 | A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could... | | |
CVE-2017-12269 | A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote... | | |
CVE-2017-12270 | A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS)... | | |
CVE-2017-12271 | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote a... | | |
CVE-2017-12272 | A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, r... | | |
CVE-2017-12273 | A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and... | | |
CVE-2017-12274 | A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco A... | | |
CVE-2017-12275 | A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management funct... | | |
CVE-2017-12276 | A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collabor... | | |
CVE-2017-12277 | A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Gener... | | |
CVE-2017-12278 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Con... | | |
CVE-2017-12279 | A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points ... | | |
CVE-2017-12280 | A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request... | | |
CVE-2017-12281 | A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functio... | | |
CVE-2017-12282 | A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality o... | | |
CVE-2017-12283 | A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 S... | | |
CVE-2017-12284 | A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated... | | |
CVE-2017-12285 | A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauth... | | |
CVE-2017-12286 | A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to... | | |
CVE-2017-12287 | A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Softwa... | | |
CVE-2017-12288 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could ... | M | |
CVE-2017-12289 | A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software... | | |
CVE-2017-12290 | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-base... | | |
CVE-2017-12291 | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-base... | | |
CVE-2017-12292 | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-base... | | |
CVE-2017-12293 | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to ca... | | |
CVE-2017-12294 | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to cond... | | |
CVE-2017-12295 | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to ac... | | |
CVE-2017-12296 | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to co... | | |
CVE-2017-12297 | A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initi... | | |
CVE-2017-12298 | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to con... | | |
CVE-2017-12299 | A vulnerability exists in the process of creating default IP blocks during device initialization for... | | |
CVE-2017-12300 | A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unau... | | |
CVE-2017-12301 | A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticat... | | |
CVE-2017-12302 | A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an au... | | |
CVE-2017-12303 | A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Sof... | | |
CVE-2017-12304 | A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Soft... | | |
CVE-2017-12305 | A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, l... | | |
CVE-2017-12306 | A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local atta... | | |
CVE-2017-12307 | A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow a... | | |
CVE-2017-12308 | A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow a... | | |
CVE-2017-12309 | A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote a... | | |
CVE-2017-12310 | A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an un... | | |
CVE-2017-12311 | A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated... | | |
CVE-2017-12312 | An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware install... | | |
CVE-2017-12313 | An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer ... | | |
CVE-2017-12314 | A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local at... | | |
CVE-2017-12315 | A vulnerability in system logging when replication is being configured with the Cisco HyperFlex Syst... | | |
CVE-2017-12316 | A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow a... | | |
CVE-2017-12317 | The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static k... | | |
CVE-2017-12318 | A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticate... | | |
CVE-2017-12319 | A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN)... | KEV | |
CVE-2017-12320 | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-base... | | |
CVE-2017-12321 | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-base... | | |
CVE-2017-12322 | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-base... | | |
CVE-2017-12323 | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-base... | | |
CVE-2017-12328 | A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series dev... | | |
CVE-2017-12329 | A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System So... | | |
CVE-2017-12330 | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attack... | | |
CVE-2017-12331 | A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypas... | | |
CVE-2017-12332 | A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, loca... | | |
CVE-2017-12333 | A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypas... | | |
CVE-2017-12334 | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attack... | | |
CVE-2017-12335 | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attack... | | |
CVE-2017-12336 | A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authent... | | |
CVE-2017-12337 | A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Op... | | |
CVE-2017-12338 | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attack... | | |
CVE-2017-12339 | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attack... | | |
CVE-2017-12340 | A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Ci... | | |
CVE-2017-12341 | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attack... | | |
CVE-2017-12342 | A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow... | | |
CVE-2017-12343 | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote a... | | |
CVE-2017-12344 | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote a... | | |
CVE-2017-12345 | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote a... | | |
CVE-2017-12346 | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote a... | | |
CVE-2017-12347 | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote a... | | |
CVE-2017-12348 | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could a... | | |
CVE-2017-12349 | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could a... | | |
CVE-2017-12350 | A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authe... | | |
CVE-2017-12351 | A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticat... | | |
CVE-2017-12352 | A vulnerability in certain system script files that are installed at boot time on Cisco Application ... | | |
CVE-2017-12353 | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Softwar... | | |
CVE-2017-12354 | A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow a... | | |
CVE-2017-12355 | A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality... | | |
CVE-2017-12356 | A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and... | | |
CVE-2017-12357 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could ... | | |
CVE-2017-12358 | A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and... | | |
CVE-2017-12359 | A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Forma... | | |
CVE-2017-12360 | A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could... | | |
CVE-2017-12361 | A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access... | | |
CVE-2017-12362 | A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote... | | |
CVE-2017-12363 | A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to mod... | | |
CVE-2017-12364 | A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an una... | | |
CVE-2017-12365 | A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view un... | | |
CVE-2017-12366 | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to con... | | |
CVE-2017-12367 | A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Netwo... | | |
CVE-2017-12368 | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx N... | | |
CVE-2017-12369 | A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network R... | | |
CVE-2017-12370 | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx N... | | |
CVE-2017-12371 | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx N... | | |
CVE-2017-12372 | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx N... | | |
CVE-2017-12373 | A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, ... | M | |
CVE-2017-12374 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an ... | E S | |
CVE-2017-12375 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an ... | E S | |
CVE-2017-12376 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unau... | E S | |
CVE-2017-12377 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unau... | E | |
CVE-2017-12378 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unau... | E S | |
CVE-2017-12379 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unau... | E | |
CVE-2017-12380 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unau... | E | |
CVE-2017-12410 | It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race con... | | |
CVE-2017-12412 | ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified im... | | |
CVE-2017-12413 | AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.... | E | |
CVE-2017-12414 | Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for ... | E M | |
CVE-2017-12415 | OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and... | E | |
CVE-2017-12416 | Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interfac... | | |
CVE-2017-12418 | ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, re... | S | |
CVE-2017-12419 | If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does... | | |
CVE-2017-12420 | Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 a... | S | |
CVE-2017-12421 | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbit... | | |
CVE-2017-12422 | NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0... | | |
CVE-2017-12423 | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on ... | | |
CVE-2017-12424 | In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways... | S | |
CVE-2017-12425 | An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5... | | |
CVE-2017-12426 | GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x ... | M | |
CVE-2017-12427 | The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 a... | S | |
CVE-2017-12428 | In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders... | S | |
CVE-2017-12429 | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in... | S | |
CVE-2017-12430 | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in ... | S | |
CVE-2017-12431 | In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in cod... | S | |
CVE-2017-12432 | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in ... | S | |
CVE-2017-12433 | In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders... | S | |
CVE-2017-12434 | In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in... | S | |
CVE-2017-12435 | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in ... | S | |
CVE-2017-12439 | SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, ... | E | |
CVE-2017-12440 | Aodh as packaged in OpenStack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713... | S | |
CVE-2017-12441 | The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (inval... | | |
CVE-2017-12442 | The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (inval... | | |
CVE-2017-12443 | The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (... | | |
CVE-2017-12444 | The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of s... | | |
CVE-2017-12445 | The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a ... | | |
CVE-2017-12447 | GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allow... | E | |
CVE-2017-12448 | The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd)... | S | |
CVE-2017-12449 | The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (a... | S | |
CVE-2017-12450 | The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka ... | S | |
CVE-2017-12451 | The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File ... | S | |
CVE-2017-12452 | The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descript... | S | |
CVE-2017-12453 | The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd... | S | |
CVE-2017-12454 | The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka... | S | |
CVE-2017-12455 | The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libb... | S | |
CVE-2017-12456 | The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows rem... | S | |
CVE-2017-12457 | The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (a... | S | |
CVE-2017-12458 | The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) libr... | S | |
CVE-2017-12459 | The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) libra... | S | |
CVE-2017-12460 | An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before... | | |
CVE-2017-12463 | Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-depend... | | |
CVE-2017-12464 | ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of ser... | | |
CVE-2017-12465 | Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspeci... | | |
CVE-2017-12466 | CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors relat... | | |
CVE-2017-12467 | Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service ... | | |
CVE-2017-12468 | Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to... | | |
CVE-2017-12469 | Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to ... | | |
CVE-2017-12470 | Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent... | | |
CVE-2017-12471 | The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspec... | | |
CVE-2017-12472 | ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impac... | | |
CVE-2017-12473 | ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (a... | | |
CVE-2017-12474 | The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1... | S | |
CVE-2017-12475 | The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 a... | S | |
CVE-2017-12476 | The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 ... | S | |
CVE-2017-12477 | It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as... | E | |
CVE-2017-12478 | It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an i... | E | |
CVE-2017-12479 | It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed ... | | |
CVE-2017-12480 | Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan hor... | | |
CVE-2017-12481 | The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of s... | | |
CVE-2017-12482 | The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to ... | | |
CVE-2017-12487 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12488 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12489 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12490 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12491 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12492 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12493 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12494 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12495 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12496 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12497 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12498 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12499 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12500 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | E | |
CVE-2017-12501 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12502 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12503 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12504 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12505 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12506 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12507 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12508 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12509 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12510 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12511 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12512 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12513 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12514 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12515 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12516 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12517 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12518 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12519 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12520 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12521 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12522 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12523 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12524 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12525 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12526 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12527 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12528 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12529 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12530 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12531 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12532 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12533 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12534 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12535 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12536 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12537 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12538 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12539 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12540 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12541 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7... | | |
CVE-2017-12542 | An authentication bypass and execution of code vulnerability in HPE Integrated Lights-Out 4 (iLO 4) v... | E | |
CVE-2017-12543 | A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2... | | |
CVE-2017-12544 | A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version... | | |
CVE-2017-12545 | A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux ver... | E | |
CVE-2017-12546 | A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux versio... | | |
CVE-2017-12547 | A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and ... | | |
CVE-2017-12548 | A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and ... | | |
CVE-2017-12549 | A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux ... | | |
CVE-2017-12550 | A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Li... | | |
CVE-2017-12551 | A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows ... | | |
CVE-2017-12552 | A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows ... | | |
CVE-2017-12553 | A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux ... | | |
CVE-2017-12554 | A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT iMC Plat 7.3 E... | | |
CVE-2017-12555 | A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Mana... | | |
CVE-2017-12556 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Pl... | | |
CVE-2017-12557 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Pl... | E | |
CVE-2017-12558 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Pl... | | |
CVE-2017-12559 | A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC... | | |
CVE-2017-12560 | A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC... | | |
CVE-2017-12561 | A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7... | | |
CVE-2017-12562 | Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.... | S | |
CVE-2017-12563 | In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in ... | S | |
CVE-2017-12564 | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders... | S | |
CVE-2017-12565 | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in cod... | S | |
CVE-2017-12566 | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders... | S | |
CVE-2017-12567 | SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Manage... | | |
CVE-2017-12568 | Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably othe... | | |
CVE-2017-12572 | Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6... | | |
CVE-2017-12573 | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a com... | | |
CVE-2017-12574 | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credenti... | | |
CVE-2017-12575 | An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs f... | | |
CVE-2017-12576 | An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows... | | |
CVE-2017-12577 | An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password"... | | |
CVE-2017-12579 | An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fu... | E | |
CVE-2017-12580 | An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatc... | S | |
CVE-2017-12581 | GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vul... | E | |
CVE-2017-12582 | Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devi... | | |
CVE-2017-12583 | DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.... | E | |
CVE-2017-12584 | There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including... | E | |
CVE-2017-12585 | SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and table... | E | |
CVE-2017-12586 | SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in t... | E | |
CVE-2017-12587 | ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.... | S | |
CVE-2017-12588 | The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format ... | S | |
CVE-2017-12589 | ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.... | E | |
CVE-2017-12590 | ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" para... | E | |
CVE-2017-12591 | ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated b... | E | |
CVE-2017-12592 | ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can esca... | E | |
CVE-2017-12593 | ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.... | E | |
CVE-2017-12595 | The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote... | S | |
CVE-2017-12596 | In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in ... | E | |
CVE-2017-12597 | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the fun... | S | |
CVE-2017-12598 | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::... | S | |
CVE-2017-12599 | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the func... | S | |
CVE-2017-12600 | OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) i... | S | |
CVE-2017-12601 | OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder... | S | |
CVE-2017-12602 | OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption... | S | |
CVE-2017-12603 | OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStrea... | S | |
CVE-2017-12604 | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the Fil... | S | |
CVE-2017-12605 | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the Fil... | S | |
CVE-2017-12606 | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the fun... | S | |
CVE-2017-12607 | A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, all... | | |
CVE-2017-12608 | A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in Import... | | |
CVE-2017-12609 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-12610 | In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use i... | | |
CVE-2017-12611 | In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in... | E S | |
CVE-2017-12612 | In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received... | | |
CVE-2017-12613 | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value i... | | |
CVE-2017-12614 | It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome ... | | |
CVE-2017-12615 | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the r... | KEV E S | |
CVE-2017-12616 | When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security... | | |
CVE-2017-12617 | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.... | KEV E S | |
CVE-2017-12618 | Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM da... | | |
CVE-2017-12619 | Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijac... | | |
CVE-2017-12620 | When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since ... | E | |
CVE-2017-12621 | During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "S... | S | |
CVE-2017-12622 | When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user con... | | |
CVE-2017-12623 | An authorized user could upload a template which contained malicious code and accessed sensitive fil... | | |
CVE-2017-12624 | Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications... | | |
CVE-2017-12625 | Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface throu... | | |
CVE-2017-12626 | Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinit... | | |
CVE-2017-12627 | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a... | | |
CVE-2017-12628 | The JMX server embedded in Apache James, also used by the command line client is exposed to a java d... | | |
CVE-2017-12629 | Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting X... | E | |
CVE-2017-12630 | In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbit... | | |
CVE-2017-12631 | Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for appli... | | |
CVE-2017-12632 | A malicious host header in an incoming HTTP request could cause NiFi to load resources from an exter... | | |
CVE-2017-12633 | The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable... | | |
CVE-2017-12634 | The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable ... | | |
CVE-2017-12635 | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible ... | E | |
CVE-2017-12636 | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuratio... | E | |
CVE-2017-12637 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetW... | KEV | |
CVE-2017-12638 | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attack... | | |
CVE-2017-12639 | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attack... | | |
CVE-2017-12640 | ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.... | S | |
CVE-2017-12641 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.... | S | |
CVE-2017-12642 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.... | S | |
CVE-2017-12643 | ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.... | S | |
CVE-2017-12644 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.... | S | |
CVE-2017-12645 | XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.... | S | |
CVE-2017-12646 | XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.... | S | |
CVE-2017-12647 | XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.... | S | |
CVE-2017-12648 | XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.... | S | |
CVE-2017-12649 | XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in ... | S | |
CVE-2017-12650 | SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP... | | |
CVE-2017-12651 | Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the... | | |
CVE-2017-12652 | libpng before 1.6.32 does not properly check the length of chunks against the user limit.... | | |
CVE-2017-12653 | 360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcor... | | |
CVE-2017-12654 | The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denia... | S | |
CVE-2017-12655 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a d... | E | |
CVE-2017-12662 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.... | S | |
CVE-2017-12663 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.... | S | |
CVE-2017-12664 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.... | S | |
CVE-2017-12665 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.... | S | |
CVE-2017-12666 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.... | S | |
CVE-2017-12667 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.... | S | |
CVE-2017-12668 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.... | S | |
CVE-2017-12669 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.... | S | |
CVE-2017-12670 | In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failur... | S | |
CVE-2017-12671 | In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid f... | S | |
CVE-2017-12672 | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders... | S | |
CVE-2017-12673 | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in cod... | S | |
CVE-2017-12674 | In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in cod... | S | |
CVE-2017-12675 | In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading... | S | |
CVE-2017-12676 | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in cod... | S | |
CVE-2017-12677 | IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authori... | | |
CVE-2017-12678 | In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast... | S | |
CVE-2017-12679 | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.... | E | |
CVE-2017-12680 | Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.... | E | |
CVE-2017-12691 | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a ... | S | |
CVE-2017-12692 | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause ... | E S | |
CVE-2017-12693 | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a ... | E S | |
CVE-2017-12694 | A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be abl... | M | |
CVE-2017-12695 | An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS... | M | |
CVE-2017-12697 | A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Cl... | M | |
CVE-2017-12698 | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_201708... | | |
CVE-2017-12699 | An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1.... | | |
CVE-2017-12701 | BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation ... | | |
CVE-2017-12702 | An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to... | | |
CVE-2017-12703 | A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than... | | |
CVE-2017-12704 | A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_2017... | | |
CVE-2017-12705 | A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project ... | M | |
CVE-2017-12706 | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_201... | | |
CVE-2017-12707 | A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.... | | |
CVE-2017-12708 | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in A... | | |
CVE-2017-12709 | A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and... | | |
CVE-2017-12710 | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By subm... | | |
CVE-2017-12711 | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2... | | |
CVE-2017-12712 | The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, w... | | |
CVE-2017-12713 | An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess... | | |
CVE-2017-12714 | Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the numbe... | | |
CVE-2017-12716 | Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencry... | | |
CVE-2017-12717 | An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8... | | |
CVE-2017-12718 | A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Inf... | E | |
CVE-2017-12719 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_... | | |
CVE-2017-12720 | An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe In... | | |
CVE-2017-12721 | An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Sy... | | |
CVE-2017-12722 | An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusio... | | |
CVE-2017-12723 | A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syri... | | |
CVE-2017-12724 | A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syrin... | | |
CVE-2017-12725 | A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syrin... | | |
CVE-2017-12726 | A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe ... | | |
CVE-2017-12728 | An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02... | | |
CVE-2017-12729 | A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutraliza... | M | |
CVE-2017-12730 | An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application... | M | |
CVE-2017-12731 | A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSe... | M | |
CVE-2017-12732 | A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A functi... | | |
CVE-2017-12733 | A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems S... | M | |
CVE-2017-12734 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). ... | S | |
CVE-2017-12735 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An ... | | |
CVE-2017-12736 | A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1),... | M | |
CVE-2017-12737 | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00,... | M | |
CVE-2017-12738 | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00,... | M | |
CVE-2017-12739 | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00,... | M | |
CVE-2017-12740 | Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packa... | | |
CVE-2017-12741 | Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affect... | | |
CVE-2017-12754 | Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS dev... | | |
CVE-2017-12756 | Command injection in transfer from another server in extplorer 2.1.9 and prior allows an attacker to injec... | | |
CVE-2017-12757 | Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B ... | E | |
CVE-2017-12758 | https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection.... | E | |
CVE-2017-12759 | Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQ... | E | |
CVE-2017-12760 | Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Inject... | E | |
CVE-2017-12761 | http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is... | E | |
CVE-2017-12762 | In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant ... | S | |
CVE-2017-12763 | An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated ... | S | |
CVE-2017-12774 | finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website... | E | |
CVE-2017-12775 | qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple... | S | |
CVE-2017-12776 | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitr... | E | |
CVE-2017-12777 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.... | | |
CVE-2017-12778 | The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allo... | E | |
CVE-2017-12779 | The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to... | | |
CVE-2017-12780 | The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to caus... | E | |
CVE-2017-12781 | The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers... | E | |
CVE-2017-12782 | The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to caus... | E | |
CVE-2017-12783 | The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to... | E | |
CVE-2017-12784 | In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible f... | E | |
CVE-2017-12785 | The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 ... | E | |
CVE-2017-12786 | Network interfaces of the cliengine and noviengine services, included in the NoviWare software distr... | E | |
CVE-2017-12787 | A network interface of the novi_process_manager_daemon service, included in the NoviWare software di... | E | |
CVE-2017-12788 | Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allow remo... | E | |
CVE-2017-12789 | Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclos... | E | |
CVE-2017-12790 | Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclos... | E | |
CVE-2017-12791 | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 201... | S | |
CVE-2017-12792 | Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to... | E | |
CVE-2017-12794 | In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion... | S | |
CVE-2017-12795 | OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).... | S | |
CVE-2017-12796 | The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference App... | E | |
CVE-2017-12797 | Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 3... | | |
CVE-2017-12798 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.... | E | |
CVE-2017-12799 | The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a deni... | S | |
CVE-2017-12800 | The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attacke... | E | |
CVE-2017-12801 | The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers t... | E | |
CVE-2017-12802 | The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attacker... | E | |
CVE-2017-12803 | The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to... | | |
CVE-2017-12804 | The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to... | E | |
CVE-2017-12805 | In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, w... | E | |
CVE-2017-12806 | In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, whic... | E | |
CVE-2017-12807 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12799. Reason: This candidat... | R | |
CVE-2017-12809 | QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows loca... | S | |
CVE-2017-12810 | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.... | | |
CVE-2017-12811 | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.... | | |
CVE-2017-12812 | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.... | | |
CVE-2017-12813 | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.... | | |
CVE-2017-12814 | Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-R... | E S | |
CVE-2017-12815 | Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it... | | |
CVE-2017-12816 | In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have... | | |
CVE-2017-12817 | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were no... | | |
CVE-2017-12818 | Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products p... | | |
CVE-2017-12819 | Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto... | | |
CVE-2017-12820 | Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentin... | | |
CVE-2017-12821 | Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel L... | | |
CVE-2017-12822 | Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK ... | | |
CVE-2017-12823 | Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0... | | |
CVE-2017-12824 | Specially crafted InPage document leads to arbitrary code execution in InPage reader.... | | |
CVE-2017-12826 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12827 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12828 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12829 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12830 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12831 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12832 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12833 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12834 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12835 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2017-12836 | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to exec... | E S | |
CVE-2017-12837 | Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.... | S | |
CVE-2017-12838 | Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack th... | E | |
CVE-2017-12839 | A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1... | E S | |
CVE-2017-12840 | A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier... | | |
CVE-2017-12842 | Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to... | | |
CVE-2017-12843 | Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted ... | | |
CVE-2017-12844 | Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows rem... | E | |
CVE-2017-12847 | Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root acco... | S | |
CVE-2017-12849 | Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.... | | |
CVE-2017-12850 | An authenticated standard user could reset the password of other users (including the admin) by alte... | S | |
CVE-2017-12851 | An authenticated standard user could reset the password of the admin by altering form data. Affects ... | S | |
CVE-2017-12852 | The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list... | E | |
CVE-2017-12853 | The RealTime RWR-3G-100 Router Firmware Version: Ver1.0.56 is affected by CSRF, an attack that force... | E | |
CVE-2017-12855 | Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in us... | | |
CVE-2017-12856 | Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary ... | E | |
CVE-2017-12857 | Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12,... | M | |
CVE-2017-12858 | Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attacker... | S | |
CVE-2017-12859 | NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attacker... | S | |
CVE-2017-12860 | The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors... | | |
CVE-2017-12861 | The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors... | | |
CVE-2017-12862 | In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is smaller than expected,... | S | |
CVE-2017-12863 | In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow... | S | |
CVE-2017-12864 | In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not check the input length... | S | |
CVE-2017-12865 | Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to c... | S | |
CVE-2017-12867 | The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers wit... | S | |
CVE-2017-12868 | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, wh... | S | |
CVE-2017-12869 | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authenti... | S | |
CVE-2017-12870 | SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive... | S | |
CVE-2017-12871 | The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 mak... | S | |
CVE-2017-12872 | The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in S... | S | |
CVE-2017-12873 | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unau... | S | |
CVE-2017-12874 | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an in... | S | |
CVE-2017-12875 | The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial ... | S | |
CVE-2017-12876 | Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cau... | S | |
CVE-2017-12877 | Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 a... | S | |
CVE-2017-12879 | Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler ... | | |
CVE-2017-12880 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11424. Reason: This candid... | R | |
CVE-2017-12881 | Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote... | | |
CVE-2017-12882 | Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote aut... | | |
CVE-2017-12883 | Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x ... | S | |
CVE-2017-12884 | OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.... | | |
CVE-2017-12885 | OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).... | | |
CVE-2017-12892 | Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vu... | | |
CVE-2017-12893 | The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().... | S | |
CVE-2017-12894 | Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:look... | S | |
CVE-2017-12895 | The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().... | S | |
CVE-2017-12896 | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_pr... | S | |
CVE-2017-12897 | The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(... | S | |
CVE-2017-12898 | The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().... | S | |
CVE-2017-12899 | The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().... | S | |
CVE-2017-12900 | Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2... | S | |
CVE-2017-12901 | The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().... | S | |
CVE-2017-12902 | The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several function... | S | |
CVE-2017-12904 | Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeu... | S | |
CVE-2017-12905 | Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote atta... | | |
CVE-2017-12906 | Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arb... | E | |
CVE-2017-12907 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.... | E | |
CVE-2017-12908 | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute ar... | E | |
CVE-2017-12909 | SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitr... | E | |
CVE-2017-12910 | SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbit... | E | |
CVE-2017-12911 | The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corrupti... | | |
CVE-2017-12912 | The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access... | | |
CVE-2017-12919 | Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remo... | | |
CVE-2017-12920 | CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of s... | | |
CVE-2017-12921 | PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers t... | | |
CVE-2017-12922 | wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer derefe... | | |
CVE-2017-12923 | OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial... | | |
CVE-2017-12924 | CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of ... | | |
CVE-2017-12925 | Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to c... | | |
CVE-2017-12927 | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php... | S | |
CVE-2017-12928 | A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all kn... | | |
CVE-2017-12929 | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote ... | E | |
CVE-2017-12930 | SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote u... | | |
CVE-2017-12932 | ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a h... | S | |
CVE-2017-12933 | The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x befo... | | |
CVE-2017-12934 | ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a hea... | | |
CVE-2017-12935 | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, lead... | S | |
CVE-2017-12936 | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for da... | S | |
CVE-2017-12937 | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer ... | S | |
CVE-2017-12938 | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via ... | E | |
CVE-2017-12939 | A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., ... | S | |
CVE-2017-12940 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within... | E | |
CVE-2017-12941 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.... | E | |
CVE-2017-12942 | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.... | E | |
CVE-2017-12943 | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a mode... | E | |
CVE-2017-12944 | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for s... | | |
CVE-2017-12945 | Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configur... | E | |
CVE-2017-12946 | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL inje... | | |
CVE-2017-12947 | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL inje... | | |
CVE-2017-12948 | Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the... | | |
CVE-2017-12949 | lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 an... | | |
CVE-2017-12950 | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denia... | E | |
CVE-2017-12951 | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote atta... | E | |
CVE-2017-12952 | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of ser... | E | |
CVE-2017-12953 | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attacker... | E | |
CVE-2017-12954 | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers t... | E | |
CVE-2017-12955 | There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-... | | |
CVE-2017-12956 | There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in... | | |
CVE-2017-12957 | There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Ima... | | |
CVE-2017-12958 | There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp li... | | |
CVE-2017-12959 | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the li... | | |
CVE-2017-12960 | There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the l... | | |
CVE-2017-12961 | There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libp... | | |
CVE-2017-12962 | There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long se... | | |
CVE-2017-12963 | There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading t... | | |
CVE-2017-12964 | There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::op... | | |
CVE-2017-12965 | Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions ... | E | |
CVE-2017-12966 | The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows r... | E | |
CVE-2017-12967 | The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distrib... | S | |
CVE-2017-12969 | Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center be... | E | |
CVE-2017-12970 | Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hij... | E | |
CVE-2017-12971 | Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arb... | E | |
CVE-2017-12972 | In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values fro... | S | |
CVE-2017-12973 | Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated ... | S | |
CVE-2017-12974 | Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and ... | S | |
CVE-2017-12976 | git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL wit... | | |
CVE-2017-12977 | The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress h... | | |
CVE-2017-12978 | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an auth... | S | |
CVE-2017-12979 | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code eleme... | E S | |
CVE-2017-12980 | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/par... | E S | |
CVE-2017-12981 | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addfor... | E | |
CVE-2017-12982 | The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers ... | S | |
CVE-2017-12983 | Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allow... | S | |
CVE-2017-12984 | PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/mess... | E | |
CVE-2017-12985 | The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().... | S | |
CVE-2017-12986 | The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_pri... | S | |
CVE-2017-12987 | The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elemen... | S | |
CVE-2017-12988 | The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().... | S | |
CVE-2017-12989 | The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:re... | S | |
CVE-2017-12990 | The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c... | S | |
CVE-2017-12991 | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().... | S | |
CVE-2017-12992 | The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().... | S | |
CVE-2017-12993 | The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, seve... | S | |
CVE-2017-12994 | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().... | S | |
CVE-2017-12995 | The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:n... | S | |
CVE-2017-12996 | The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().... | S | |
CVE-2017-12997 | The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:ll... | S | |
CVE-2017-12998 | The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_i... | S | |
CVE-2017-12999 | The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().... | S | |