Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12102 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
| CVE-2017-12101 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
| CVE-2017-12100 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
| CVE-2017-12099 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | |||||
| CVE-2017-12098 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | |||||
| CVE-2017-12097 | 1 Delayed Job Web Project | 1 Delayed Job Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | |||||
| CVE-2017-12095 | 1 Meetcircle | 1 Circle With Disney Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to trigger this vulnerability. | |||||
| CVE-2017-12093 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2017-12092 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2017-12090 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.8 HIGH | 7.7 HIGH |
| An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. | |||||
| CVE-2017-12089 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2017-12088 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability | |||||
| CVE-2017-12087 | 1 Tinysvcmdns Project | 1 Tinysvcmdns | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability. | |||||
| CVE-2017-12086 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
| CVE-2017-12082 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. | |||||
| CVE-2017-12081 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | |||||
| CVE-2017-12078 | 1 Synology | 1 Router Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. | |||||
| CVE-2017-12070 | 1 Opcfoundation | 1 Ua-.net-legacy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | |||||
| CVE-2017-11740 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. | |||||
| CVE-2017-11739 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS. | |||||