2017 年に公開された CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2017-18005 | Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | 5.5 | 0.79% | 2017-12-31 | 2026-06-16 |
| CVE-2017-18004 | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | 5.4 | 0.63% | 2017-12-31 | 2026-06-16 |
| CVE-2017-18001 | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. | 9.8 | 13.71% | 2017-12-31 | 2026-06-16 |
| CVE-2017-17704 | A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible. | 7.4 | 0.99% | 2017-12-30 | 2026-06-16 |
| CVE-2016-10704 | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | 6.1 | 0.64% | 2017-12-30 | 2026-06-16 |
| CVE-2017-17089 | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 4.8 | 0.83% | 2017-12-30 | 2026-06-16 |
| CVE-2017-14855 | Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. | 8.6 | 1.38% | 2017-12-30 | 2026-06-16 |
| CVE-2017-17997 | In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | 7.5 | 1.76% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12813 | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12812 | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12811 | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12810 | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-1000447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15955. Reason: This candidate is a reservation duplicate of CVE-2017-15955. Notes: All CVE users should reference CVE-2017-15955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-1000446 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15954. Reason: This candidate is a reservation duplicate of CVE-2017-15954. Notes: All CVE users should reference CVE-2017-15954 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-1000440 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14976. Reason: This candidate is a reservation duplicate of CVE-2017-14976. Notes: All CVE users should reference CVE-2017-14976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-1000436 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14975. Reason: This candidate is a reservation duplicate of CVE-2017-14975. Notes: All CVE users should reference CVE-2017-14975 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-1000435 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16227. Reason: This candidate is a reservation duplicate of CVE-2017-16227. Notes: All CVE users should reference CVE-2017-16227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-17995 | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17994 | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17993 | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |