Search Results (10828 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15597 1 Xen 1 Xen 2025-04-20 N/A
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
CVE-2017-15610 1 Octopus 1 Octopus Deploy 2025-04-20 N/A
An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key.
CVE-2017-16248 1 Catalyst-plugin-static-simple Project 1 Catalyst-plugin-static-simple 2025-04-20 N/A
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.
CVE-2017-16353 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
CVE-2017-16355 2 Debian, Phusion 2 Debian Linux, Passenger 2025-04-20 4.7 Medium
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
CVE-2017-16369 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2025-04-20 N/A
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc.
CVE-2017-1698 1 Ibm 1 Websphere Portal 2025-04-20 N/A
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.
CVE-2017-16994 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-20 N/A
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
CVE-2017-17046 1 Xen 1 Xen 2025-04-20 N/A
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.
CVE-2017-17068 1 Auth0 1 Auth0.js 2025-04-20 N/A
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
CVE-2017-17104 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].
CVE-2017-17793 1 Blogotext Project 1 Blogotext 2025-04-20 N/A
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).
CVE-2017-17864 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 N/A
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
CVE-2017-17898 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
CVE-2017-17926 1 Ordermanagementscript 1 Professional Service Script 2025-04-20 N/A
PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.
CVE-2017-2093 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
CVE-2017-2103 1 K-opticom Corporation 1 Lala Call 2025-04-20 N/A
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2104 1 K-opticom Corporation 1 Business Lala Call 2025-04-20 N/A
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2105 1 Presentcast Inc 1 Tver 2025-04-20 N/A
The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2109 1 Cybozu 1 Kunai 2025-04-20 N/A
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.