Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15302 1 Cpuid 1 Cpu-z 2026-06-17 7.2 HIGH 7.8 HIGH
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL.
CVE-2017-15300 1 Ewbf 1 Cuda Zcash Miner 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port.
CVE-2017-15192 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
CVE-2017-15190 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.
CVE-2017-15136 1 Redhat 1 Satellite 2026-06-17 4.0 MEDIUM 2.7 LOW
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.
CVE-2017-15130 3 Canonical, Debian, Dovecot 3 Ubuntu Linux, Debian Linux, Dovecot 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
CVE-2017-15107 1 Thekelleys 1 Dnsmasq 2026-06-17 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.
CVE-2017-15044 1 Docuware 1 Fulltext Server 2026-06-17 6.5 MEDIUM 8.8 HIGH
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface.
CVE-2017-15041 3 Debian, Golang, Redhat 7 Debian Linux, Go, Developer Tools and 4 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."
CVE-2017-14979 1 Gxlcms 1 Gxlcms 2026-06-17 5.0 MEDIUM 7.5 HIGH
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.
CVE-2017-14907 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key.
CVE-2017-14906 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs.
CVE-2017-14855 1 Redlion 2 Hmi Panel, Hmi Panel Firmware 2026-06-17 7.8 HIGH 8.6 HIGH
Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.
CVE-2017-14803 1 Netiq 1 Access Manager 2026-06-17 10.0 HIGH 9.8 CRITICAL
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
CVE-2017-14773 1 Skyboxsecurity 1 Skybox Manager Client Application 2026-06-17 4.6 MEDIUM 7.8 HIGH
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.
CVE-2017-14763 1 Genixcms 1 Genixcms 2026-06-17 6.5 MEDIUM 8.8 HIGH
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
CVE-2017-14737 2 Botan Project, Debian 2 Botan, Debian Linux 2026-06-17 2.1 LOW 5.5 MEDIUM
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
CVE-2017-14595 1 Joomla 1 Joomla\! 2026-06-17 4.3 MEDIUM 3.7 LOW
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
CVE-2017-14593 1 Atlassian 1 Sourcetree 2026-06-17 9.0 HIGH 8.8 HIGH
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability
CVE-2017-14592 1 Atlassian 1 Sourcetree 2026-06-17 9.0 HIGH 8.8 HIGH
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.