ReportizFlow
Filtered by vendor
Subscriptions
Total
322798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000461 | 1 Brave | 1 Browser | 2024-11-21 | N/A |
| Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). | ||||
| CVE-2017-1000460 | 3 Ffmpeg, Google, Libav | 3 Ffmpeg, Chrome, Libav | 2024-11-21 | N/A |
| In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. | ||||
| CVE-2017-1000459 | 1 Leanote | 1 Leanote | 2024-11-21 | N/A |
| Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes | ||||
| CVE-2017-1000458 | 1 Bro | 1 Bro | 2024-11-21 | N/A |
| Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation. | ||||
| CVE-2017-1000457 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role. | ||||
| CVE-2017-1000456 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | N/A |
| freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | ||||
| CVE-2017-1000455 | 1 Gnu | 1 Guixsd | 2024-11-21 | N/A |
| GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. | ||||
| CVE-2017-1000454 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | ||||
| CVE-2017-1000453 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | ||||
| CVE-2017-1000452 | 1 Samlify Project | 1 Samlify | 2024-11-21 | N/A |
| An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users. | ||||
| CVE-2017-1000451 | 1 Fs-git Project | 1 Fs-git | 2024-11-21 | N/A |
| fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec. | ||||
| CVE-2017-1000450 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-11-21 | 8.8 High |
| In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. | ||||
| CVE-2017-1000448 | 1 Structured-data | 1 Structured Data Linter | 2024-11-21 | N/A |
| Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. | ||||
| CVE-2017-1000445 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 6.5 Medium |
| ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service | ||||
| CVE-2017-1000444 | 1 Openhacker Project | 1 Openhacker | 2024-11-21 | N/A |
| Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution | ||||
| CVE-2017-1000443 | 1 Openhacker Project | 1 Openhacker | 2024-11-21 | N/A |
| Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser. | ||||
| CVE-2017-1000442 | 1 Passbolt | 1 Passbolt Api | 2024-11-21 | N/A |
| Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace | ||||
| CVE-2017-1000438 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
| In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data. | ||||
| CVE-2017-1000437 | 1 Creolabs | 1 Gravity | 2024-11-21 | N/A |
| Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution. | ||||
| CVE-2017-1000434 | 1 Furikake Project | 1 Furikake | 2024-11-21 | N/A |
| Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect'])); | ||||