Total
323516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14873 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur. | ||||
| CVE-2017-14872 | 1 Google | 1 Android | 2024-11-21 | N/A |
| While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | ||||
| CVE-2017-14870 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked. | ||||
| CVE-2017-14869 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage. | ||||
| CVE-2017-14854 | 1 Orpak | 1 Siteomat | 2024-11-21 | N/A |
| A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25. | ||||
| CVE-2017-14853 | 1 Orpak | 1 Siteomat | 2024-11-21 | N/A |
| The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device. | ||||
| CVE-2017-14852 | 1 Orpak | 1 Siteomat | 2024-11-21 | N/A |
| An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data. | ||||
| CVE-2017-14851 | 1 Orpak | 1 Siteomat | 2024-11-21 | N/A |
| A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass. | ||||
| CVE-2017-14850 | 1 Orpak | 1 Siteomat | 2024-11-21 | N/A |
| All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him. | ||||
| CVE-2017-14807 | 1 Suse | 2 Studio Onsite, Susestudio-ui-server | 2024-11-21 | 8.1 High |
| An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. | ||||
| CVE-2017-14806 | 1 Suse | 2 Studio Onsite, Susestudio-ui-server | 2024-11-21 | 3.7 Low |
| A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. | ||||
| CVE-2017-14804 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Software Development Kit | 2024-11-21 | N/A |
| The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | ||||
| CVE-2017-14803 | 1 Netiq | 1 Access Manager | 2024-11-21 | N/A |
| In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system. | ||||
| CVE-2017-14802 | 1 Netiq | 1 Access Manager | 2024-11-21 | N/A |
| Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. | ||||
| CVE-2017-14801 | 1 Netiq | 1 Access Manager | 2024-11-21 | N/A |
| Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter. | ||||
| CVE-2017-14800 | 1 Netiq | 1 Access Manager | 2024-11-21 | N/A |
| A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users. | ||||
| CVE-2017-14799 | 1 Netiq | 1 Access Manager | 2024-11-21 | N/A |
| A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page. | ||||
| CVE-2017-14798 | 2 Postgresql, Suse | 2 Postgresql, Suse Linux Enterprise Server | 2024-11-21 | N/A |
| A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | ||||
| CVE-2017-14742 | 1 Labf | 1 Nfsaxe | 2024-11-21 | 9.8 Critical |
| Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. | ||||
| CVE-2017-14740 | 1 Genixcms | 1 Genixcms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu. | ||||