Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35762 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5500 1 Jasper Project 1 Jasper 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
CVE-2017-5498 1 Jasper Project 1 Jasper 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
CVE-2017-5455 2 Mozilla, Redhat 7 Firefox, Enterprise Linux, Enterprise Linux Desktop and 4 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
CVE-2017-5419 1 Mozilla 2 Firefox, Thunderbird 2026-06-17 7.8 HIGH 7.5 HIGH
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.
CVE-2017-5391 1 Mozilla 1 Firefox 2026-06-17 7.5 HIGH 9.8 CRITICAL
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.
CVE-2017-5390 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
CVE-2017-5386 3 Debian, Mozilla, Redhat 8 Debian Linux, Firefox, Enterprise Linux and 5 more 2026-06-17 7.5 HIGH 7.3 HIGH
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
CVE-2017-5361 1 Bestpractical 1 Request Tracker 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.
CVE-2017-5350 1 Samsung 1 Samsung Mobile 2026-06-17 5.0 MEDIUM 7.5 HIGH
Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122.
CVE-2017-5328 1 Paloaltonetworks 1 Terminal Services Agent 2026-06-17 5.0 MEDIUM 7.5 HIGH
Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors.
CVE-2017-5206 2 Firejail Project, Linux 2 Firejail, Linux Kernel 2026-06-17 6.8 MEDIUM 9.0 CRITICAL
Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.
CVE-2017-5200 1 Saltstack 1 Salt 2026-06-17 9.0 HIGH 8.8 HIGH
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
CVE-2017-5198 1 Solarwinds 1 Log And Event Manager 2026-06-17 7.2 HIGH 8.8 HIGH
SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.
CVE-2017-5174 1 Geutebruck 2 Ip Camera G-cam Efd-2250, Ip Camera G-cam Efd-2250 Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.
CVE-2017-5144 1 Carlosgavazzi 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication.
CVE-2017-5135 1 Technicolor 2 Dpc3928sl, Dpc3928sl Firmware 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
CVE-2017-5120 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
CVE-2017-5101 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
CVE-2017-5078 5 Apple, Google, Linux and 2 more 7 Macos, Chrome, Linux Kernel and 4 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.
CVE-2017-5046 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.