Lucene search
+L

6067 matches found

OSV
OSV
added 2017/12/14 4:29 p.m.14 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS8.5AI score0.01685EPSS
Exploits0References2
OSV
OSV
added 2017/12/14 4:29 p.m.3 views

DEBIAN-CVE-2017-17518

swt/motif/browser.c in Whitedune aka whitedune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being ...

8.8CVSS6.8AI score0.01716EPSS
Exploits0References1
OSV
OSV
added 2017/12/14 4:29 p.m.5 views

CVE-2017-17530

common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: this is disputed by a third party because no untrusted input can ...

8.8CVSS8.7AI score0.01495EPSS
Exploits1References2
OSV
OSV
added 2017/12/14 4:29 p.m.7 views

CVE-2017-17518

swt/motif/browser.c in Whitedune aka whitedune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being ...

8.8CVSS8.3AI score0.01716EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/14 12:0 a.m.4 views

Foxit Reader Information Disclosure Vulnerability (CNVD-2018-00173)

Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A security vulnerability exists in Foxit Reader version 8.3.1.21155, which is caused by the program failing to properly validate user-submitted data. The vulnerability can be exploited by a remote attacker to disclos...

6.5CVSS6.4AI score0.02456EPSS
Exploits0References1
OSV
OSV
added 2017/12/12 2:29 p.m.7 views

CVE-2017-16680

Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1 Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files...

7.5CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2017/12/12 12:0 a.m.8 views

PT-2017-14519 · Sap · Sap Hana Extended Application Services

Name of the Vulnerable Software and Affected Versions: SAP HANA extended application services version 1.0 Description: The issue involves two potential audit log injections in SAP HANA extended application services. Firstly, certain HTTP/REST endpoints of the controller service lack user input...

7.5CVSS7.6AI score0.01654EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/12/10 10:29 p.m.1 views

CVE-2017-17497

In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service Segmentation Fault, because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value...

7.5CVSS5.5AI score0.01377EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/12/10 10:0 p.m.47 views

CVE-2017-17497

In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service Segmentation Fault, because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value...

7.5CVSS5.6AI score0.01377EPSS
Exploits0
OSV
OSV
added 2017/11/22 7:29 p.m.2 views

CVE-2017-8169

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone,...

7.8CVSS6.3AI score0.01001EPSS
Exploits0References1
OSV
OSV
added 2017/11/22 7:29 p.m.4 views

CVE-2017-8150

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker wi...

7.8CVSS6AI score0.00958EPSS
Exploits0References1
OSV
OSV
added 2017/11/22 4:16 p.m.6 views

SUSE-SU-2017:3047-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes several issues. These security issues were fixed: - CVE-2017-13721: Missing validation of shmseg resource id in Xext/XShm could lead to shared memory segments of other users beeing freed bnc1052984 - CVE-2017-13723: A local denial of service via unusual...

9.8CVSS7.4AI score0.0437EPSS
Exploits1References26
CNVD
CNVD
added 2017/11/22 12:0 a.m.4 views

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-37834)

IBM Rational DOORS Next Generation DNG and Rational Requirements Composer RRC are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...

5.4CVSS6.5AI score0.00738EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/21 12:0 a.m.3 views

Cisco Spark Board Local Security Bypass Vulnerability

Cisco Spark Board is a dedicated tablet device for video conferencing from Cisco. A local security bypass vulnerability exists in the upgrade process in Cisco Spark Board, which arises from the program failing to adequately validate the upgrade package. A local attacker could exploit the...

4.4CVSS6.5AI score0.00193EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/21 12:0 a.m.33 views

Trusted Boot Arbitrary Code Execution Vulnerability

Trusted Boot tboot is an open source pre-kernel/vmm module that supports booting OS kernels/VMMs after measurement and determination utilizing Intel TXT technology. An arbitrary code execution vulnerability exists in Boot 1.9.6 and earlier versions, which stems from a program's failure to validat...

7.8CVSS7.5AI score0.00417EPSS
Exploits0References1
Prion
Prion
added 2017/11/17 9:29 p.m.12 views

Design/Logic Flaw

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks...

5.8CVSS6.2AI score0.0206EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/11/17 9:0 p.m.23 views

CVE-2017-1000163

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks...

6.2AI score0.0206EPSS
Exploits0References1
OSV
OSV
added 2017/11/17 12:0 a.m.3 views

UBUNTU-CVE-2017-16845

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access...

10CVSS6.7AI score0.03025EPSS
Exploits0References5
OSV
OSV
added 2017/11/16 11:57 a.m.5 views

SUSE-SU-2017:3025-1 Security update for xorg-x11-server

This update for xorg-x11-server provides several fixes. These security issues were fixed: - CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText and XkbStringText bsc1051150. - Improve the entropy when generating random data used in X.org server authorization cookies generation...

9.8CVSS9AI score0.0437EPSS
Exploits1References23
OSV
OSV
added 2017/11/06 10:29 p.m.3 views

CVE-2017-14025

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrie...

5.5CVSS5.7AI score0.00391EPSS
Exploits0References2
Rows per page
Query Builder