CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2017-12451 The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remot... | N/A | NONE | — | 0 |
| CVE-2017-12452 The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attack... | N/A | NONE | — | 0 |
| CVE-2017-12453 The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bound... | N/A | NONE | — | 0 |
| CVE-2017-12454 The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbit... | N/A | NONE | — | 0 |
| CVE-2017-12455 The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bou... | N/A | NONE | — | 0 |
| CVE-2017-10815 MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authenticati... | N/A | NONE | — | 0 |
| CVE-2017-10816 SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-10817 MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-10818 MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-10819 MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. | 5.9 | MEDIUM | — | 0 |
| CVE-2017-10820 Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | N/A | NONE | — | 0 |
| CVE-2017-12439 SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML co... | 7.5 | HIGH | — | 0 |
| CVE-2017-1331 IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p... | N/A | NONE | — | 0 |
| CVE-2017-2221 Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | N/A | NONE | — | 0 |
| CVE-2017-12481 The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact... | N/A | NONE | — | 0 |
| CVE-2017-12482 The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspe... | N/A | NONE | — | 0 |
| CVE-2017-12419 If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" secti... | N/A | NONE | — | 0 |
| CVE-2017-7533 Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that l... | 7.0 | HIGH | — | 0 |
| CVE-2017-12562 Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspe... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-9851 An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vend... | N/A | NONE | — | 0 |
| CVE-2017-9852 An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwor... | N/A | NONE | — | 0 |
| CVE-2017-12587 ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c. | N/A | NONE | — | 0 |
| CVE-2017-9853 An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set.... | N/A | NONE | — | 0 |
| CVE-2017-9854 An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. Thes... | N/A | NONE | — | 0 |
| CVE-2017-9855 An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single G... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-9856 An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algo... | 3.4 | LOW | — | 0 |
| CVE-2017-9857 An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injec... | N/A | NONE | — | 0 |
| CVE-2017-9858 An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in furthe... | N/A | NONE | — | 0 |
| CVE-2017-9859 An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relati... | N/A | NONE | — | 0 |
| CVE-2017-9860 An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an ... | N/A | NONE | — | 0 |
| CVE-2017-12676 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | N/A | NONE | — | 0 |
| CVE-2017-9861 An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and... | N/A | NONE | — | 0 |
| CVE-2017-9862 An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the applicati... | N/A | NONE | — | 0 |
| CVE-2017-9863 An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in ... | N/A | NONE | — | 0 |
| CVE-2017-9864 An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policie... | N/A | NONE | — | 0 |
| CVE-2017-9370 An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain acce... | N/A | NONE | — | 0 |
| CVE-2017-12563 In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. | N/A | NONE | — | 0 |
| CVE-2017-12564 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. | N/A | NONE | — | 0 |
| CVE-2017-12565 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | N/A | NONE | — | 0 |
| CVE-2017-12566 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in... | N/A | NONE | — | 0 |
| CVE-2017-12572 Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrati... | N/A | NONE | — | 0 |
| CVE-2017-12568 Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sen... | N/A | NONE | — | 0 |
| CVE-2017-12600 OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. | N/A | NONE | — | 0 |
| CVE-2017-12581 GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earl... | N/A | NONE | — | 0 |
| CVE-2017-12583 DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. | N/A | NONE | — | 0 |
| CVE-2017-12584 There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to ... | 8.8 | HIGH | — | 0 |
| CVE-2017-12585 SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploi... | N/A | NONE | — | 0 |
| CVE-2017-12586 SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | N/A | NONE | — | 0 |
| CVE-2017-12480 Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory. | N/A | NONE | — | 0 |
| CVE-2017-6664 A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected sys... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.