Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15617 1 Tp-link 76 Er5110g, Er5110g Firmware, Er5120g and 73 more 2026-06-17 9.0 HIGH 7.2 HIGH
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.
CVE-2017-15616 1 Tp-link 76 Er5110g, Er5110g Firmware, Er5120g and 73 more 2026-06-17 9.0 HIGH 7.2 HIGH
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.
CVE-2017-15615 1 Tp-link 76 Er5110g, Er5110g Firmware, Er5120g and 73 more 2026-06-17 9.0 HIGH 7.2 HIGH
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.
CVE-2017-15614 1 Tp-link 76 Er5110g, Er5110g Firmware, Er5120g and 73 more 2026-06-17 9.0 HIGH 7.2 HIGH
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.
CVE-2017-15613 1 Tp-link 76 Er5110g, Er5110g Firmware, Er5120g and 73 more 2026-06-17 9.0 HIGH 7.2 HIGH
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.
CVE-2017-15594 1 Xen 1 Xen 2026-06-17 4.6 MEDIUM 8.8 HIGH
An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2017-15590 1 Xen 1 Xen 2026-06-17 4.6 MEDIUM 8.8 HIGH
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-15575 2 Debian, Redmine 2 Debian Linux, Redmine 2026-06-17 7.5 HIGH 7.3 HIGH
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
CVE-2017-15567 1 Idemia 2 Mso 1300, Mso 1300 Firmware 2026-06-17 7.2 HIGH 7.8 HIGH
The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK
CVE-2017-15535 1 Mongodb 1 Mongodb 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
CVE-2017-15525 1 Symantec 1 Endpoint Encryption 2026-06-17 5.5 MEDIUM 4.5 MEDIUM
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
CVE-2017-15524 1 Kemptechnologies 1 Web Application Firewall 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.
CVE-2017-15430 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-15391 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
CVE-2017-15387 2 Debian, Google 2 Debian Linux, Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
CVE-2017-15377 1 Openinfosecfoundation 1 Suricata 2026-06-17 5.0 MEDIUM 7.5 HIGH
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).
CVE-2017-15365 3 Fedoraproject, Mariadb, Percona 3 Fedora, Mariadb, Xtradb Cluster 2026-06-17 6.5 MEDIUM 8.8 HIGH
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
CVE-2017-15361 35 Acer, Aopen, Asi and 32 more 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
CVE-2017-15340 1 Huawei 2 Tag-al00, Tag-al00 Firmware 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure.
CVE-2017-15307 1 Huawei 2 Honor 8, Honor 8 Firmware 2026-06-17 1.9 LOW 2.3 LOW
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.