Total
12295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16816 | 1 Wisc | 1 Htcondor | 2024-11-21 | N/A |
| The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions. | ||||
| CVE-2017-16813 | 1 Foxitsoftware | 1 Mobilepdf | 2024-11-21 | N/A |
| A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this. | ||||
| CVE-2017-16790 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-11-21 | N/A |
| An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a "FileType" is sent as normal POST data that could be interpreted as a local file path on the server-side (for example, "file:///etc/passwd"). If the application did not perform any additional checks about the value submitted to the "FileType", the contents of the given file on the server could have been exposed to the attacker. | ||||
| CVE-2017-16775 | 1 Synology | 1 Sso Server | 2024-11-21 | N/A |
| Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2017-16772 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. | ||||
| CVE-2017-16753 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. | ||||
| CVE-2017-16670 | 1 Smartbear | 1 Soapui | 2024-11-21 | N/A |
| The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | ||||
| CVE-2017-16594 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117. | ||||
| CVE-2017-16556 | 1 K7computing | 5 Antivirus, Endpoint, Internet Security and 2 more | 2024-11-21 | N/A |
| In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations. | ||||
| CVE-2017-16226 | 1 Static-eval Project | 1 Static-eval | 2024-11-21 | N/A |
| The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution. | ||||
| CVE-2017-16138 | 2 Mime Project, Redhat | 2 Mime, Quay | 2024-11-21 | N/A |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | ||||
| CVE-2017-16137 | 2 Debug Project, Redhat | 2 Debug, Quay | 2024-11-21 | N/A |
| The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue. | ||||
| CVE-2017-16136 | 1 Expressjs | 1 Method-override | 2024-11-21 | N/A |
| method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header. | ||||
| CVE-2017-16113 | 1 Parsejson Project | 1 Parsejson | 2024-11-21 | N/A |
| The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. | ||||
| CVE-2017-16042 | 1 Growl Project | 1 Growl | 2024-11-21 | N/A |
| Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. | ||||
| CVE-2017-16026 | 1 Request Project | 1 Request | 2024-11-21 | N/A |
| Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0. | ||||
| CVE-2017-16023 | 1 Decamelize Project | 1 Decamelize | 2024-11-21 | N/A |
| Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack. | ||||
| CVE-2017-16013 | 1 Hapijs | 1 Hapi | 2024-11-21 | N/A |
| hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached. | ||||
| CVE-2017-16005 | 1 Joyent | 1 Http-signature | 2024-11-21 | N/A |
| Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature. | ||||
| CVE-2017-15845 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation. | ||||