Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17566 1 Xen 1 Xen 2026-06-17 6.9 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
CVE-2017-17562 2 Embedthis, Oracle 2 Goahead, Integrated Lights Out Manager 2026-06-17 6.8 MEDIUM 8.1 HIGH
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
CVE-2017-17561 1 Seacms Project 1 Seacms 2026-06-17 6.5 MEDIUM 7.2 HIGH
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.
CVE-2017-17553 1 Changyou 1 Dolphin 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.
CVE-2017-17538 1 Mikrotik 2 Router, Router Firmware 2026-06-17 7.8 HIGH 7.5 HIGH
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
CVE-2017-17536 1 Phacility 1 Phabricator 2026-06-17 6.8 MEDIUM 8.8 HIGH
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
CVE-2017-17468 1 Tgsoft 1 Vir.it Explorer 2026-06-17 4.6 MEDIUM 7.8 HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050.
CVE-2017-17466 1 Tgsoft 1 Vir.it Explorer 2026-06-17 4.6 MEDIUM 7.8 HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088.
CVE-2017-17459 1 Fossil Scm 1 Fossil 2026-06-17 9.3 HIGH 8.8 HIGH
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
CVE-2017-17434 2 Debian, Samba 2 Debian Linux, Rsync 2026-06-17 7.5 HIGH 9.8 CRITICAL
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
CVE-2017-17327 1 Huawei 2 Mha-al00a, Mha-al00a Firmware 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause certain service unavailable.
CVE-2017-17326 1 Huawei 2 Mate 9 Pro, Mate 9 Pro Fimware 2026-06-17 2.1 LOW 4.6 MEDIUM
Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation.
CVE-2017-17325 1 Huawei 1 Hicinema 2026-06-17 4.3 MEDIUM 3.7 LOW
Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific interface, an attacker who is on the same network with the user can obtain some information through a man-in-the-middle attack.
CVE-2017-17284 1 Huawei 12 Dp300, Dp300 Firmware, Rp200 and 9 more 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal.
CVE-2017-17279 1 Huawei 2 Mate 9 Pro, Mate 9 Pro Firmware 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone.
CVE-2017-17149 1 Huawei 1 Hiwallet 2026-06-17 2.1 LOW 3.9 LOW
Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet.
CVE-2017-17145 1 Huawei 2 Honor V9 Play, Honor V9 Play Firmware 2026-06-17 2.1 LOW 4.6 MEDIUM
Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication.
CVE-2017-17101 1 Apexis 2 Apm-h803-mpc, Apm-h803-mpc Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass the login screen and access the webcam contents including: live video stream, configuration files with all the passwords, system information, and much more. With this vulnerability, anyone can access to a vulnerable webcam with 'super admin' privilege.
CVE-2017-16920 1 Finecms 1 Finecms 2026-06-17 7.5 HIGH 9.8 CRITICAL
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php.
CVE-2017-16875 1 Teluu 1 Pjsip 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.