22 matches found
CVE-2025-20717
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-14 13:44:50+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115372817715516192... |
CVE-2025-20717
The vulnerability CVE-2025-20717 affects the wlan AP driver (MediaTek) and stems from an incorrect bounds check that enables an out-of-bounds write. This can lead to local escalation of privilege for an attacker who already has System privileges, with no user interaction required. A patch is avai...
CVE-2023-20717
In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185...
GHSA-GP6M-FQ6H-CJCX Magento LTS vulnerable to stored XSS in admin file form
Summary: OpenMage is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details: Mage_Adminhtml_Block_System_Config_Form_Field_File does not escape filename value in certain situations. Same...
Magento LTS vulnerable to stored XSS in admin file form
Summary: OpenMage is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details: Mage_Adminhtml_Block_System_Config_Form_Field_File does not escape filename value in certain situations. Same...
CVE-2024-20717 Stored admin XSS via PayPal authentication certificate
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
CVE-2024-20717
CVE-2024-20717 corresponds to a stored XSS vulnerability in Adobe Commerce/Magento Open Source, affecting versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier. The issue stems from Mage_Adminhtml_Block_System_Config_Form_Field_File not escaping the filename in certain conditions, allowing low-privil...
CVE-2023-20717
| creationtimestamp | type | source |
|---|---|---|
| 2023-05-16 02:30:13+00:00 | seen | https://t.me/cibsecurity/64192 |
| 2025-01-24 17:05:10+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2951... |
CVE-2023-20717
In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185...
CVE-2023-20717
CVE-2023-20717 relates to the vcu module where a race condition can leak a DMA buffer, enabling local information disclosure with SYSTEM privileges and no user interaction. A patch (ALPS07645185) exists; no exploitation details are provided in the connected documents. References show consistent d...
CVE-2022-20717
| creationtimestamp | type | source |
|---|---|---|
| 2022-04-15 18:20:27+00:00 | seen | https://t.me/cibsecurity/40865... |
CVE-2022-20717
Cisco SD-WAN vEdge Routers are affected by CVE-2022-20717 due to a NETCONF handling memory-management flaw that can allow an authenticated, local attacker to trigger memory exhaustion and cause a DoS by sending large volumes of traffic. The impact is device crash/DoS as described in multiple sour...
CVE-2022-20717
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device...
Cisco SD-WAN vEdge Routers DoS (cisco-sa-sdwan-vedge-dos-jerVm4bB)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of...
CVE-2021-20717
| creationtimestamp | type | source |
|---|---|---|
| 2021-05-30 13:43:01+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3490... |
CVE-2021-20717
CVE-2021-20717 affects EC-CUBE 4.0.0–4.0.5. The vulnerability is a Cross-site Scripting (CWE-79) in input handling on EC‑built sites, allowing a remote attacker to inject a crafted script that can execute in an administrator’s browser. The root cause is an input field within EC‑Cube’s web pages t...
CVE-2019-20717
Certain NETGEAR devices are affected by denial of service. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, EX2700 before 1.0.1.52, EX6200v2 before 1.0.1.74, EX8000 before 1.0.1.180, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, RBK20 before 2.3.0.28, RBR20 befo...