Total
7549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12814 | 2 Microsoft, Perl | 2 Windows, Perl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. | |||||
| CVE-2017-12615 | 4 Apache, Microsoft, Netapp and 1 more | 23 Tomcat, Windows, 7-mode Transition Tool and 20 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | |||||
| CVE-2017-12553 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12552 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12551 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12550 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12549 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12548 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12547 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12546 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12545 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12544 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-11742 | 2 Libexpat Project, Microsoft | 2 Libexpat, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. | |||||
| CVE-2017-11308 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2017-11307 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2017-11306 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2017-11305 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. | |||||
| CVE-2017-11294 | 2 Adobe, Microsoft | 2 Shockwave, Windows | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11292 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11282 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. | |||||