Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12624 1 Apache 1 Cxf 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".
CVE-2017-12602 1 Opencv 1 Opencv 2026-06-17 7.8 HIGH 7.5 HIGH
OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.
CVE-2017-12600 1 Opencv 1 Opencv 2026-06-17 7.8 HIGH 7.5 HIGH
OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.
CVE-2017-12592 1 Asus 2 Dsl-n10s, Dsl-n10s Firmware 2026-06-17 6.5 MEDIUM 8.8 HIGH
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.
CVE-2017-12573 1 Planex 2 Cs-w50hd, Cs-w50hd Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
CVE-2017-12568 1 Brother 2 Dcp-j132w, Dcp-j132w Firmware 2026-06-17 7.8 HIGH 7.5 HIGH
Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets.
CVE-2017-12553 3 Hp, Linux, Microsoft 3 System Management Homepage, Linux Kernel, Windows 2026-06-17 5.5 MEDIUM 5.6 MEDIUM
A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12552 3 Hp, Linux, Microsoft 3 System Management Homepage, Linux Kernel, Windows 2026-06-17 5.5 MEDIUM 5.6 MEDIUM
A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12551 3 Hp, Linux, Microsoft 3 System Management Homepage, Linux Kernel, Windows 2026-06-17 5.5 MEDIUM 5.6 MEDIUM
A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12550 3 Hp, Linux, Microsoft 3 System Management Homepage, Linux Kernel, Windows 2026-06-17 5.5 MEDIUM 5.6 MEDIUM
A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12548 3 Hp, Linux, Microsoft 3 System Management Homepage, Linux Kernel, Windows 2026-06-17 5.5 MEDIUM 5.6 MEDIUM
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12547 3 Hp, Linux, Microsoft 3 System Management Homepage, Linux Kernel, Windows 2026-06-17 5.5 MEDIUM 5.6 MEDIUM
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
CVE-2017-12542 1 Hp 2 Integrated Lights-out 4, Integrated Lights-out 4 Firmware 2026-06-17 10.0 HIGH 10.0 CRITICAL
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
CVE-2017-12479 1 Kaseya 1 Unitrends Backup 2026-06-17 9.0 HIGH 8.8 HIGH
It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.
CVE-2017-12423 1 Netapp 1 Clustered Data Ontap 2026-06-17 4.0 MEDIUM 7.7 HIGH
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.
CVE-2017-12421 1 Netapp 1 Clustered Data Ontap 2026-06-17 6.5 MEDIUM 8.8 HIGH
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
CVE-2017-12362 1 Cisco 1 Meeting Server 2026-06-17 7.8 HIGH 6.5 MEDIUM
A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931.
CVE-2017-12360 1 Cisco 1 Webex Meeting Center 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301.
CVE-2017-12353 1 Cisco 1 Asyncos 2026-06-17 5.0 MEDIUM 5.8 MEDIUM
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666.
CVE-2017-12319 1 Cisco 198 1000 Integrated Services Router, 1100-4g\/6g Integrated Services Router, 1100-4g Integrated Services Router and 195 more 2026-06-17 7.1 HIGH 5.9 MEDIUM
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875.