Total: 316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2017-14804 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Software Development Kit | 2024-11-21 | 5.0 MEDIUM | 9.9 CRITICAL | The build package before 20171128 did not check directory names during extraction of build results, which allowed untrusted builds to write outside of the target system, allowing escape out of buildroots. |
| CVE-2017-14803 | 1 Netiq | 1 Access Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11, where an attacker can execute arbitrary code on the system. |
| CVE-2017-14802 | 1 Netiq | 1 Access Manager | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM | Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third-party sites. |
| CVE-2017-14801 | 1 Netiq | 1 Access Manager | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM | Reflected XSS in NetIQ Access Manager before 4.3.3 allowed attackers to reflect XSS back into the called page using the url parameter. |
| CVE-2017-14800 | 1 Netiq | 1 Access Manager | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM | A reflected cross-site scripting attack in NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users. |
| CVE-2017-14799 | 1 Netiq | 1 Access Manager | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM | A cross-site scripting attack in the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject JavaScript code into the login page. |
| CVE-2017-14798 | 2 Postgresql, Suse | 2 Postgresql, Suse Linux Enterprise Server | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH | A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. |
| CVE-2017-14742 | 1 Labf | 1 Nfsaxe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. |
| CVE-2017-14740 | 1 Genixcms | 1 Genixcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu. |
| CVE-2017-14728 | 1 Orpak | 1 Siteomat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions prior to the submission of this exploit are affected. Also, SiteOmat does not force administrators to change passwords, leaving SSH and HTTP remote authentication open to the public. |
| CVE-2017-14710 | 1 Shein | 1 Shein-fashion Shopping Online | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-14709 | 1 Komoot | 1 Komoot | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH | The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-14699 | 1 Asus | 32 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac52u and 29 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. |
| CVE-2017-14698 | 1 Asus | 32 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac52u and 29 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. |
| CVE-2017-14612 | 1 Shpock | 1 Shpock | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | The "Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-14611 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. |
| CVE-2017-14594 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the jqlQuery query parameter. |
| CVE-2017-14593 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability. |
| CVE-2017-14592 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. |
| CVE-2017-14537 | 1 Netfortris | 1 Trixbox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. |
