Total
35900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12624 | 1 Apache | 1 Cxf | 2026-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". | |||||
| CVE-2017-12602 | 1 Opencv | 1 Opencv | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. | |||||
| CVE-2017-12600 | 1 Opencv | 1 Opencv | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. | |||||
| CVE-2017-12592 | 1 Asus | 2 Dsl-n10s, Dsl-n10s Firmware | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. | |||||
| CVE-2017-12573 | 1 Planex | 2 Cs-w50hd, Cs-w50hd Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. | |||||
| CVE-2017-12568 | 1 Brother | 2 Dcp-j132w, Dcp-j132w Firmware | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets. | |||||
| CVE-2017-12553 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2026-06-17 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12552 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2026-06-17 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12551 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2026-06-17 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12550 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2026-06-17 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12548 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2026-06-17 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12547 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2026-06-17 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12542 | 1 Hp | 2 Integrated Lights-out 4, Integrated Lights-out 4 Firmware | 2026-06-17 | 10.0 HIGH | 10.0 CRITICAL |
| A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. | |||||
| CVE-2017-12479 | 1 Kaseya | 1 Unitrends Backup | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges. | |||||
| CVE-2017-12423 | 1 Netapp | 1 Clustered Data Ontap | 2026-06-17 | 4.0 MEDIUM | 7.7 HIGH |
| NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | |||||
| CVE-2017-12421 | 1 Netapp | 1 Clustered Data Ontap | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | |||||
| CVE-2017-12362 | 1 Cisco | 1 Meeting Server | 2026-06-17 | 7.8 HIGH | 6.5 MEDIUM |
| A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931. | |||||
| CVE-2017-12360 | 1 Cisco | 1 Webex Meeting Center | 2026-06-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301. | |||||
| CVE-2017-12353 | 1 Cisco | 1 Asyncos | 2026-06-17 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666. | |||||
| CVE-2017-12319 | 1 Cisco | 198 1000 Integrated Services Router, 1100-4g\/6g Integrated Services Router, 1100-4g Integrated Services Router and 195 more | 2026-06-17 | 7.1 HIGH | 5.9 MEDIUM |
| A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875. | |||||
