CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-17669 There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | 5.5 | MEDIUM | — | 0 |
| CVE-2017-7738 An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web porta... | N/A | NONE | — | 0 |
| CVE-2017-17524 library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-... | N/A | NONE | — | 0 |
| CVE-2017-17671 vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify a... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-17672 In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of... | N/A | NONE | — | 0 |
| CVE-2017-17680 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. | N/A | NONE | — | 0 |
| CVE-2017-17681 In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a craf... | N/A | NONE | — | 0 |
| CVE-2017-17525 guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct ar... | N/A | NONE | — | 0 |
| CVE-2017-17526 Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-i... | N/A | NONE | — | 0 |
| CVE-2017-17682 In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted ... | N/A | NONE | — | 0 |
| CVE-2017-17683 Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. | N/A | NONE | — | 0 |
| CVE-2017-17684 Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request. | N/A | NONE | — | 0 |
| CVE-2017-5663 In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT quer... | N/A | NONE | — | 0 |
| CVE-2017-17511 KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a cr... | N/A | NONE | — | 0 |
| CVE-2017-17513 TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks... | N/A | NONE | — | 0 |
| CVE-2017-17535 lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injec... | N/A | NONE | — | 0 |
| CVE-2017-17514 boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via... | 8.8 | HIGH | — | 0 |
| CVE-2017-17515 etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection a... | N/A | NONE | — | 0 |
| CVE-2017-17516 scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote atta... | N/A | NONE | — | 0 |
| CVE-2017-17517 libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-in... | N/A | NONE | — | 0 |
| CVE-2017-17518 swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to co... | N/A | NONE | — | 0 |
| CVE-2017-17519 batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote... | N/A | NONE | — | 0 |
| CVE-2017-17520 tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection... | 8.8 | HIGH | — | 0 |
| CVE-2017-17527 delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct arg... | N/A | NONE | — | 0 |
| CVE-2017-17528 backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to condu... | N/A | NONE | — | 0 |
| CVE-2017-17529 af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argumen... | N/A | NONE | — | 0 |
| CVE-2017-17530 common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection a... | 8.8 | HIGH | — | 0 |
| CVE-2017-17531 gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection att... | N/A | NONE | — | 0 |
| CVE-2017-17532 examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argu... | N/A | NONE | — | 0 |
| CVE-2017-17533 default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attack... | N/A | NONE | — | 0 |
| CVE-2017-17534 uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection att... | N/A | NONE | — | 0 |
| CVE-2017-7344 A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when t... | N/A | NONE | — | 0 |
| CVE-2016-10703 A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by pas... | 7.5 | HIGH | — | 0 |
| CVE-2017-5264 Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site reque... | N/A | NONE | — | 0 |
| CVE-2017-16355 In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the con... | 4.7 | MEDIUM | — | 0 |
| CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument start... | N/A | NONE | — | 0 |
| CVE-2024-28671 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php. | 8.8 | HIGH | — | 0 |
| CVE-2017-17670 In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be c... | N/A | NONE | — | 0 |
| CVE-2017-17693 Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. | N/A | NONE | — | 0 |
| CVE-2017-17694 Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. | N/A | NONE | — | 0 |
| CVE-2017-17695 Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | N/A | NONE | — | 0 |
| CVE-2017-17696 Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. | N/A | NONE | — | 0 |
| CVE-2017-17697 The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | 8.6 | HIGH | — | 0 |
| CVE-2017-15890 Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | N/A | NONE | — | 0 |
| CVE-2017-14101 A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change He... | N/A | NONE | — | 0 |
| CVE-2017-16776 Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Hea... | N/A | NONE | — | 0 |
| CVE-2017-16787 The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | N/A | NONE | — | 0 |
| CVE-2017-16788 Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users wi... | N/A | NONE | — | 0 |
| CVE-2017-17556 A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | N/A | NONE | — | 0 |
| CVE-2017-17698 Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.