Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16873 1 Hashicorp 1 Vagrant Vmware Fusion 2026-06-17 7.2 HIGH 7.8 HIGH
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.
CVE-2017-16867 1 Amazon 2 Amazon Key, Amazon Key Firmware 2026-06-17 3.3 LOW 6.5 MEDIUM
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.
CVE-2017-16861 1 Atlassian 2 Crucible, Fisheye 2026-06-17 7.5 HIGH 9.8 CRITICAL
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.
CVE-2017-16839 1 Hashicorp 1 Vagrant Vmware Fusion 2026-06-17 6.9 MEDIUM 7.0 HIGH
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.
CVE-2017-16776 1 Mckesson 1 Conserus Workflow Intelligence 2026-06-17 6.8 MEDIUM 8.1 HIGH
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.
CVE-2017-16764 1 Django Make App Project 1 Django Make App 2026-06-17 7.5 HIGH 9.8 CRITICAL
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVE-2017-16763 1 Confire Project 1 Confire 2026-06-17 7.5 HIGH 9.8 CRITICAL
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVE-2017-16709 1 Crestron 4 Airmedia Am-100, Airmedia Am-100 Firmware, Airmedia Am-101 and 1 more 2026-06-17 6.5 MEDIUM 7.2 HIGH
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
CVE-2017-16683 1 Sap 1 Businessobjects 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
CVE-2017-16674 1 Datto 1 Windows Agent 2026-06-17 4.9 MEDIUM 8.0 HIGH
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions.
CVE-2017-16653 2 Debian, Sensiolabs 2 Debian Linux, Symfony 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks.
CVE-2017-16618 1 Owlmixin Project 1 Owlmixin 2026-06-17 7.5 HIGH 9.8 CRITICAL
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVE-2017-16616 1 Pyanyapi Project 1 Pyanyapi 2026-06-17 7.5 HIGH 9.8 CRITICAL
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVE-2017-16615 1 Mlalchemy Project 1 Mlalchemy 2026-06-17 7.5 HIGH 9.8 CRITICAL
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVE-2017-16550 1 K7computing 5 Antivirus, Endpoint, Internet Security and 2 more 2026-06-17 4.6 MEDIUM 7.8 HIGH
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.
CVE-2017-16523 1 Mitrastar 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
CVE-2017-16521 1 Inedo 1 Buildmaster 2026-06-17 7.5 HIGH 9.8 CRITICAL
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.
CVE-2017-16380 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2026-06-17 9.3 HIGH 8.8 HIGH
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt.
CVE-2017-16366 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin.
CVE-2017-16361 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files.