Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11396 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2026-06-17 9.0 HIGH 7.2 HIGH
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
CVE-2017-11352 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
CVE-2017-11347 1 Metinfo 1 Metinfo 2026-06-17 6.5 MEDIUM 8.8 HIGH
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
CVE-2017-11305 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
CVE-2017-11229 3 Adobe, Apple, Microsoft 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF).
CVE-2017-11197 1 Cyberark 1 Viewfinity 2026-06-17 N/A 7.8 HIGH
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
CVE-2017-11173 2 Debian, Rack-cors Project 2 Debian Linux, Rack-cors 2026-06-17 6.8 MEDIUM 8.8 HIGH
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
CVE-2017-11169 1 Iball 2 Ib-wra300n3gt, Ib-wra300n3gt Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi.
CVE-2017-11136 1 Stashcat 1 Heinekingmedia 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of messages. However, the private RSA key is not only stored on the client but transmitted to the backend, too. Moreover, the key to decrypt the private key is composed of the first 32 bytes of the SHA-512 hash of the user password. But this hash is stored on the backend, too. Therefore, everyone with access to the backend database can read the transmitted secret for symmetric encryption, hence can read the communication.
CVE-2017-11105 1 Oneplus 2 Oneplus 2, Primary Bootloader 2026-06-17 10.0 HIGH 9.8 CRITICAL
The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation.
CVE-2017-11074 1 Google 1 Android 2026-06-17 4.6 MEDIUM 7.8 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is an obsolete set/reset ssid hotlist API.
CVE-2017-11073 1 Google 1 Android 2026-06-17 4.6 MEDIUM 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space.
CVE-2017-11041 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another.
CVE-2017-11038 1 Google 1 Android 2026-06-17 4.6 MEDIUM 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.
CVE-2017-11023 1 Google 1 Android 2026-06-17 4.6 MEDIUM 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads.
CVE-2017-11010 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.
CVE-2017-11004 1 Qualcomm 74 Ipq8074, Ipq8074 Firmware, Mdm9206 and 71 more 2026-06-17 2.1 LOW 5.5 MEDIUM
A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE-2017-10999 1 Google 1 Android 2026-06-17 6.8 MEDIUM 7.8 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks.
CVE-2017-10935 1 Zte 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware 2026-06-17 4.0 MEDIUM 7.2 HIGH
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.
CVE-2017-10919 1 Xen 1 Xen 2026-06-17 5.0 MEDIUM 6.5 MEDIUM
Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.