Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35862 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3156 1 Apache 1 Cxf 2026-06-17 5.0 MEDIUM 7.5 HIGH
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
CVE-2017-3143 3 Debian, Isc, Redhat 8 Debian Linux, Bind, Enterprise Linux Desktop and 5 more 2026-06-17 4.3 MEDIUM 7.5 HIGH
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
CVE-2017-3101 1 Adobe 1 Connect 2026-06-17 5.0 MEDIUM 7.5 HIGH
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.
CVE-2017-3080 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
CVE-2017-3000 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.
CVE-2017-2938 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections.
CVE-2017-2915 1 Meetcircle 2 Circle With Disney, Circle With Disney Firmware 2026-06-17 7.7 HIGH 8.0 HIGH
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.
CVE-2017-2883 1 Meetcircle 2 Circle With Disney, Circle With Disney Firmware 2026-06-17 9.3 HIGH 8.1 HIGH
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.
CVE-2017-2882 1 Meetcircle 2 Circle With Disney, Circle With Disney Firmware 2026-06-17 6.8 MEDIUM 8.1 HIGH
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability.
CVE-2017-2881 1 Meetcircle 2 Circle With Disney, Circle With Disney Firmware 2026-06-17 5.8 MEDIUM 8.8 HIGH
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.
CVE-2017-2874 1 Foscam 2 C1, C1 Firmware 2026-06-17 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication.
CVE-2017-2865 1 Meetcircle 2 Circle With Disney, Circle With Disney Firmware 2026-06-17 7.9 HIGH 7.5 HIGH
An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.
CVE-2017-2839 2 Debian, Freerdp 2 Debian Linux, Freerdp 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
CVE-2017-2825 2 Debian, Zabbix 2 Debian Linux, Zabbix 2026-06-17 6.8 MEDIUM 7.0 HIGH
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
CVE-2017-2810 1 Python 1 Tablib 2026-06-17 7.5 HIGH 7.5 HIGH
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
CVE-2017-2747 1 Hp 44 110, 110 Firmware, 310 and 41 more 2026-06-17 2.1 LOW 7.8 HIGH
HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.
CVE-2017-2742 1 Hp 1 Web Jetadmin 2026-06-17 7.8 HIGH 7.5 HIGH
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service.
CVE-2017-2741 1 Hp 76 D3q15a, D3q15a Firmware, D3q15b and 73 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
CVE-2017-2740 1 Hp 1 Thinpro 2026-06-17 7.2 HIGH 7.8 HIGH
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.
CVE-2017-2728 1 Huawei 2 Honor 6x, Honor 6x Firmware 2026-06-17 6.9 MEDIUM 6.4 MEDIUM
Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.