Export limit exceeded: 348218 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10931 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6032 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2025-04-20 | N/A |
| A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. | ||||
| CVE-2017-6055 | 1 Eparaksts | 1 Eparakstitajs 3 | 2025-04-20 | N/A |
| XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. | ||||
| CVE-2017-6100 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-20 | N/A |
| tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | ||||
| CVE-2017-6145 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2025-04-20 | N/A |
| iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens. | ||||
| CVE-2017-6181 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | N/A |
| The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. | ||||
| CVE-2017-6267 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | N/A |
| NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | ||||
| CVE-2017-6872 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. | ||||
| CVE-2017-6895 | 1 Usb Pratirodh Project | 1 Usb Pratirodh | 2025-04-20 | N/A |
| USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. | ||||
| CVE-2017-7308 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | 7.8 High |
| The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. | ||||
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | N/A |
| An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | ||||
| CVE-2017-7457 | 1 Moxa | 1 Mx-aopc Server | 2025-04-20 | N/A |
| XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | ||||
| CVE-2017-7479 | 1 Openvpn | 1 Openvpn | 2025-04-20 | N/A |
| OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | ||||
| CVE-2017-7478 | 1 Openvpn | 1 Openvpn | 2025-04-20 | N/A |
| OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | ||||
| CVE-2017-7490 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | ||||
| CVE-2017-7495 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | N/A |
| fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. | ||||
| CVE-2017-7503 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Cd | 2025-04-20 | N/A |
| It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. | ||||
| CVE-2017-7508 | 1 Openvpn | 1 Openvpn | 2025-04-20 | N/A |
| OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | ||||
| CVE-2017-7515 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | ||||
| CVE-2017-7533 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2025-04-20 | 7.0 High |
| Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. | ||||
| CVE-2017-7909 | 1 Advantech B\+b Smartworx | 2 Mesr901, Mesr901 Firmware | 2025-04-20 | N/A |
| A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. | ||||