Vulnerabilities (CVE)

Filtered by CWE-20
Total 10575 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12495 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12494 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12493 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12492 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12491 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12490 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12489 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12488 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12487 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVE-2017-12473 1 Ccn-lite 1 Ccn-lite 2024-11-21 5.0 MEDIUM 7.5 HIGH
ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values."
CVE-2017-12197 3 Debian, Libpam4j Project, Redhat 3 Debian Linux, Libpam4j, Enterprise Linux 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
CVE-2017-12194 1 Spice-gtk Project 1 Spice-gtk 2024-11-21 10.0 HIGH 9.8 CRITICAL
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
CVE-2017-12173 2 Fedoraproject, Redhat 6 Sssd, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
CVE-2017-12148 1 Redhat 2 Ansible Tower, Cloudforms 2024-11-21 9.0 HIGH 8.4 HIGH
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
CVE-2017-12124 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability.
CVE-2017-12088 1 Rockwellautomation 2 Micrologix 1400, Micrologix 1400 B Firmware 2024-11-21 7.8 HIGH 8.6 HIGH
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability
CVE-2017-12070 1 Opcfoundation 1 Ua-.net-legacy 2024-11-21 6.8 MEDIUM 8.8 HIGH
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
CVE-2017-11740 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.8 MEDIUM 8.8 HIGH
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.
CVE-2017-1002157 1 Redhat 1 Modulemd 2024-11-21 7.5 HIGH 9.8 CRITICAL
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.
CVE-2017-1000600 1 Wordpress 1 Wordpress 2024-11-21 6.5 MEDIUM 8.8 HIGH
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9