Export limit exceeded: 349367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2550 | 1 Kubik-rubik | 1 Easy Joomla Backup | 2025-04-20 | N/A |
| Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. | ||||
| CVE-2017-2576 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | ||||
| CVE-2017-2584 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | N/A |
| arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | ||||
| CVE-2017-3154 | 1 Apache | 1 Atlas | 2025-04-20 | N/A |
| Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | ||||
| CVE-2017-3043 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality. | ||||
| CVE-2017-3085 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2025-04-20 | 7.4 High |
| Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | ||||
| CVE-2017-3087 | 1 Adobe | 1 Captivate | 2025-04-20 | N/A |
| Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. | ||||
| CVE-2017-3098 | 1 Adobe | 1 Captivate | 2025-04-20 | N/A |
| Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server. | ||||
| CVE-2017-3107 | 1 Adobe | 1 Experience Manager | 2025-04-20 | N/A |
| Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. | ||||
| CVE-2017-3110 | 1 Adobe | 1 Experience Manager | 2025-04-20 | N/A |
| Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. | ||||
| CVE-2017-3111 | 1 Adobe | 1 Experience Manager | 2025-04-20 | N/A |
| An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | ||||
| CVE-2017-3115 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document. | ||||
| CVE-2017-3130 | 1 Fortinet | 1 Fortios | 2025-04-20 | N/A |
| An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | ||||
| CVE-2017-3134 | 1 Fortinet | 1 Fortiwlc-sd | 2025-04-20 | N/A |
| An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | ||||
| CVE-2017-3157 | 3 Apache, Debian, Redhat | 9 Openoffice, Debian Linux, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back. | ||||
| CVE-2017-3162 | 1 Apache | 1 Hadoop | 2025-04-20 | N/A |
| HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0. | ||||
| CVE-2017-3185 | 1 Acti | 1 Camera Firmware | 2025-04-20 | N/A |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. | ||||
| CVE-2017-3191 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2025-04-20 | N/A |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | ||||
| CVE-2017-3194 | 1 Pandora | 1 Pandora | 2025-04-20 | N/A |
| Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2017-3231 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2025-04-20 | N/A |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). | ||||