ReportizFlow
Filtered by vendor
Subscriptions
Total
13190 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5041 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. | ||||
| CVE-2017-9801 | 1 Apache | 1 Commons Email | 2025-04-20 | N/A |
| When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. | ||||
| CVE-2016-3109 | 1 Shopware | 1 Shopware | 2025-04-20 | N/A |
| The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. | ||||
| CVE-2016-10068 | 3 Imagemagick, Opensuse, Opensuse Project | 3 Imagemagick, Leap, Leap | 2025-04-20 | N/A |
| The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | ||||
| CVE-2017-5072 | 2 Google, Redhat | 3 Android, Chrome, Rhel Extras | 2025-04-20 | N/A |
| Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page. | ||||
| CVE-2017-3898 | 1 Mcafee | 1 Livesafe | 2025-04-20 | N/A |
| A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | ||||
| CVE-2017-7730 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2025-04-20 | 7.5 High |
| iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. | ||||
| CVE-2017-5089 | 3 Apple, Google, Redhat | 6 Macos, Chrome, Enterprise Linux Desktop and 3 more | 2025-04-20 | 6.5 Medium |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. | ||||
| CVE-2017-11410 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. | ||||
| CVE-2017-9945 | 1 Siemens | 2 7km Pac Switched Ethernet Profinet Expansion Module, 7km Pac Switched Ethernet Profinet Expansion Module Firmware | 2025-04-20 | N/A |
| In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover. | ||||
| CVE-2017-5371 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-20 | N/A |
| Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422. | ||||
| CVE-2015-0853 | 1 Pysvn Project | 1 Svn-workbench | 2025-04-20 | 8.8 High |
| svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | ||||
| CVE-2017-6181 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | N/A |
| The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. | ||||
| CVE-2017-9773 | 1 Horde | 1 Horde Image | 2025-04-20 | N/A |
| Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. | ||||
| CVE-2017-9741 | 1 Projectsend | 1 Projectsend | 2025-04-20 | N/A |
| install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | ||||
| CVE-2017-7154 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). | ||||
| CVE-2017-9303 | 1 Laravel | 1 Laravel | 2025-04-20 | N/A |
| Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | ||||
| CVE-2017-7246 | 2 Pcre, Redhat | 2 Pcre, Jboss Core Services | 2025-04-20 | N/A |
| Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-6638 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-20 | N/A |
| A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928. | ||||
| CVE-2017-7186 | 2 Pcre, Redhat | 3 Pcre, Pcre2, Jboss Core Services | 2025-04-20 | N/A |
| libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. | ||||