Total
323601 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16775 | 1 Synology | 1 Sso Server | 2024-11-21 | N/A |
| Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2017-16773 | 1 Synology | 1 Universal Search | 2024-11-21 | N/A |
| Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | ||||
| CVE-2017-16772 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. | ||||
| CVE-2017-16771 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2017-16770 | 1 Synology | 1 Surveillance Station | 2024-11-21 | N/A |
| File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. | ||||
| CVE-2017-16769 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. | ||||
| CVE-2017-16767 | 1 Synology | 1 Surveillance Station | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. | ||||
| CVE-2017-16756 | 1 Userscape | 1 Helpspot | 2024-11-21 | N/A |
| An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account. | ||||
| CVE-2017-16755 | 1 Userscape | 1 Helpspot | 2024-11-21 | N/A |
| An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is clicked. | ||||
| CVE-2017-16753 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. | ||||
| CVE-2017-16751 | 1 Deltaww | 1 Delta Industrial Automation Screen Editor | 2024-11-21 | N/A |
| A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2017-16749 | 1 Deltaww | 1 Delta Industrial Automation Screen Editor | 2024-11-21 | N/A |
| A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability. | ||||
| CVE-2017-16748 | 1 Tridium | 2 Niagara, Niagara Ax Framework | 2024-11-21 | N/A |
| An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. | ||||
| CVE-2017-16747 | 1 Deltaww | 1 Delta Industrial Automation Screen Editor | 2024-11-21 | N/A |
| An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area. | ||||
| CVE-2017-16745 | 1 Deltaww | 1 Delta Industrial Automation Screen Editor | 2024-11-21 | N/A |
| A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files. | ||||
| CVE-2017-16744 | 1 Tridium | 2 Niagara, Niagara Ax Framework | 2024-11-21 | N/A |
| A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials. | ||||
| CVE-2017-16743 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | N/A |
| An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device. | ||||
| CVE-2017-16741 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | N/A |
| An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information. | ||||
| CVE-2017-16740 | 1 Rockwellautomation | 12 1766-l32awa, 1766-l32awa Firmware, 1766-l32awaa and 9 more | 2024-11-21 | N/A |
| A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. | ||||
| CVE-2017-16739 | 1 We-con | 2 Levistudio Hmi Editor, Levistudio Hmi Editor Firmware | 2024-11-21 | N/A |
| An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution. | ||||