Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16249 1 Brother 2 Dcp-j132w, Dcp-j132w Firmware 2026-06-17 7.8 HIGH 7.5 HIGH
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
CVE-2017-16239 1 Openstack 1 Nova 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
CVE-2017-16228 1 Dulwich Project 1 Dulwich 2026-06-17 7.5 HIGH 9.8 CRITICAL
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
CVE-2017-16207 1 Discordi.js Project 1 Discordi.js 2026-06-17 5.0 MEDIUM 7.3 HIGH
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.
CVE-2017-16088 1 Safe-eval Project 1 Safe-eval 2026-06-17 10.0 HIGH 10.0 CRITICAL
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.
CVE-2017-16046 1 Mariadb 1 Mariadb 2026-06-17 5.0 MEDIUM 7.5 HIGH
`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVE-2017-16030 1 Useragent Project 1 Useragent 2026-06-17 5.0 MEDIUM 7.5 HIGH
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
CVE-2017-16007 1 Cisco 1 Node-jose 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
CVE-2017-15944 1 Paloaltonetworks 1 Pan-os 2026-06-17 7.5 HIGH 9.8 CRITICAL
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
CVE-2017-15942 1 Paloaltonetworks 1 Pan-os 2026-06-17 5.0 MEDIUM 7.5 HIGH
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.
CVE-2017-15923 2 Debian, Konversation 2 Debian Linux, Konversation 2026-06-17 5.0 MEDIUM 7.5 HIGH
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
CVE-2017-15914 1 Borgbackup 1 Borg 2026-06-17 6.5 MEDIUM 8.8 HIGH
Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3.
CVE-2017-15896 1 Nodejs 1 Node.js 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
CVE-2017-15891 1 Synology 1 Calendar 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
CVE-2017-15870 1 Paloaltonetworks 1 Globalprotect 2026-06-17 7.2 HIGH 6.7 MEDIUM
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
CVE-2017-15864 2 Debian, Otrs 2 Debian Linux, Otrs 2026-06-17 4.0 MEDIUM 8.8 HIGH
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
CVE-2017-15841 1 Qualcomm 32 Sd 410, Sd 410 Firmware, Sd 412 and 29 more 2026-06-17 4.9 MEDIUM 5.5 MEDIUM
When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.
CVE-2017-15718 1 Apache 1 Hadoop 2026-06-17 5.0 MEDIUM 9.8 CRITICAL
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
CVE-2017-15702 1 Apache 1 Qpid Broker-j 2026-06-17 7.5 HIGH 9.8 CRITICAL
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.
CVE-2017-15638 2 Opensuse, Suse 5 Leap, Linux Enterprise Desktop, Linux Enterprise Server and 2 more 2026-06-17 6.4 MEDIUM 6.5 MEDIUM
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.