Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35830 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5198 1 Solarwinds 1 Log And Event Manager 2026-06-17 7.2 HIGH 8.8 HIGH
SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.
CVE-2017-5174 1 Geutebruck 2 Ip Camera G-cam Efd-2250, Ip Camera G-cam Efd-2250 Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.
CVE-2017-5144 1 Carlosgavazzi 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication.
CVE-2017-5135 1 Technicolor 2 Dpc3928sl, Dpc3928sl Firmware 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
CVE-2017-5120 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
CVE-2017-5101 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
CVE-2017-5078 5 Apple, Google, Linux and 2 more 7 Macos, Chrome, Linux Kernel and 4 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.
CVE-2017-5046 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.
CVE-2017-5040 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.
CVE-2017-5027 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2017-5022 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2017-5015 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5013 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-4988 1 Emc 1 Isilon Onefs 2026-06-17 9.0 HIGH 7.2 HIGH
EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
CVE-2017-4983 1 Dell 1 Emc Data Domain Os 2026-06-17 4.6 MEDIUM 6.7 MEDIUM
EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.
CVE-2017-4979 1 Emc 1 Isilon Onefs 2026-06-17 4.6 MEDIUM 7.1 HIGH
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.
CVE-2017-4970 1 Cloudfoundry 2 Cf-release, Staticfile Buildpack 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the application root. Applications containing a Staticfile.auth file but not a Static file had their basic auth turned off when an operator upgraded the Static file build pack in the foundation to one of the vulnerable versions. Note that Static file applications without a Static file are technically misconfigured, and will not successfully detect unless the Static file build pack is explicitly specified.
CVE-2017-4969 1 Cloudfoundry 1 Cf-release 2026-06-17 6.8 MEDIUM 6.5 MEDIUM
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.
CVE-2017-4960 2 Cloudfoundry, Pivotal Software 3 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Uaa 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.
CVE-2017-4959 1 Pivotal Software 1 Cloud Foundry Elastic Runtime 2026-06-17 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.