ReportizFlow
Filtered by vendor
Subscriptions
Total
322798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000433 | 2 Debian, Pysaml2 Project | 2 Debian Linux, Pysaml2 | 2024-11-21 | 8.1 High |
| pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. | ||||
| CVE-2017-1000432 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | N/A |
| Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access | ||||
| CVE-2017-1000431 | 1 Ez | 1 Ez Publish | 2024-11-21 | N/A |
| eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials. | ||||
| CVE-2017-1000430 | 1 Rust-base64 Project | 1 Rust-base64 | 2024-11-21 | N/A |
| rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions | ||||
| CVE-2017-1000429 | 1 Finecms Project | 1 Finecms | 2024-11-21 | N/A |
| rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php. | ||||
| CVE-2017-1000428 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | N/A |
| flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | ||||
| CVE-2017-1000427 | 1 Marked Project | 1 Marked | 2024-11-21 | N/A |
| marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | ||||
| CVE-2017-1000426 | 1 Omniscale | 1 Mapproxy | 2024-11-21 | 6.1 Medium |
| MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure. | ||||
| CVE-2017-1000425 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. | ||||
| CVE-2017-1000424 | 1 Atom | 1 Electron | 2024-11-21 | N/A |
| Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control. | ||||
| CVE-2017-1000423 | 1 B2evolution | 1 B2evolution | 2024-11-21 | N/A |
| b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. | ||||
| CVE-2017-1000422 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, Gdk-pixbuf | 2024-11-21 | N/A |
| Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution | ||||
| CVE-2017-1000421 | 2 Debian, Lcdf | 2 Debian Linux, Gifsicle | 2024-11-21 | N/A |
| Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution | ||||
| CVE-2017-1000420 | 1 Syncthing | 1 Syncthing | 2024-11-21 | N/A |
| Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite | ||||
| CVE-2017-1000419 | 1 Phpbb | 1 Phpbb | 2024-11-21 | N/A |
| phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application. | ||||
| CVE-2017-1000418 | 1 Mindwerks | 1 Wildmidi | 2024-11-21 | N/A |
| The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-1000417 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | N/A |
| MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. | ||||
| CVE-2017-1000416 | 1 Axtls Project | 1 Axtls | 2024-11-21 | N/A |
| axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050. | ||||
| CVE-2017-1000415 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | N/A |
| MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years. | ||||
| CVE-2017-1000414 | 1 Impulseadventure | 1 Jpegsnoop | 2024-11-21 | N/A |
| ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling resulting denial of service. | ||||