CVE list (From Vulnerabilities by Type · Published in 2017 · Default sort: published descending; newest first.)

You're viewing CVEs published in 2017.

Showing 120 of 18113 results
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-18005 | Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | 5.5 | 0.79% | 2017-12-31 | 2026-06-16 |
| CVE-2017-18004 | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | 5.4 | 0.63% | 2017-12-31 | 2026-06-16 |
| CVE-2017-18001 | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. | 9.8 | 13.71% | 2017-12-31 | 2026-06-16 |
| CVE-2017-17704 | A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible. | 7.4 | 0.99% | 2017-12-30 | 2026-06-16 |
| CVE-2016-10704 | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | 6.1 | 0.64% | 2017-12-30 | 2026-06-16 |
| CVE-2017-17089 | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 4.8 | 0.83% | 2017-12-30 | 2026-06-16 |
| CVE-2017-14855 | Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. | 8.6 | 1.38% | 2017-12-30 | 2026-06-16 |
| CVE-2017-17997 | In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | 7.5 | 1.76% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12813 | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12812 | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12811 | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12810 | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-1000447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15955. Reason: This candidate is a reservation duplicate of CVE-2017-15955. Notes: All CVE users should reference CVE-2017-15955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-1000446 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15954. Reason: This candidate is a reservation duplicate of CVE-2017-15954. Notes: All CVE users should reference CVE-2017-15954 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-1000440 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14976. Reason: This candidate is a reservation duplicate of CVE-2017-14976. Notes: All CVE users should reference CVE-2017-14976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-1000436 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14975. Reason: This candidate is a reservation duplicate of CVE-2017-14975. Notes: All CVE users should reference CVE-2017-14975 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-1000435 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16227. Reason: This candidate is a reservation duplicate of CVE-2017-16227. Notes: All CVE users should reference CVE-2017-16227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.27% | 2017-12-30 | 2023-11-06 |
| CVE-2017-17995 | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17994 | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17993 | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
cvelogic Threat Intelligence