The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-12583 | DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. | MEDIUM | Aug 5, 2017 |
| CVE-2017-12582 | Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station. | HIGH | Aug 18, 2017 |
| CVE-2017-12581 | GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call. | HIGH | Aug 7, 2017 |
| CVE-2017-12580 | An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, ntmarta.dll). When the installer EXE is executed by the user, the DLL located in the EXE\'s current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system. | MEDIUM | Mar 3, 2020 |
| CVE-2017-12579 | An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. | HIGH | Oct 19, 2017 |
| CVE-2017-12577 | An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (admin:password) is used in the Android application that allows attackers to use a hidden API URL /goform/SystemCommand to execute any command with root permission. | HIGH | Aug 24, 2018 |
| CVE-2017-12576 | An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. | HIGH | Aug 24, 2018 |
| CVE-2017-12575 | An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d REQ_ID=SUPPORT_IF_GET). | MEDIUM | Aug 24, 2018 |
| CVE-2017-12574 | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential supervisor:dangerous was injected into web authentication database /.htpasswd during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. | HIGH | Aug 24, 2018 |
| CVE-2017-12573 | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page /cgi-bin/nasset.cgi. An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. | HIGH | Aug 24, 2018 |
| CVE-2017-12572 | Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. | LOW | Aug 5, 2017 |
| CVE-2017-12568 | Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets. | HIGH | Aug 5, 2017 |
| CVE-2017-12567 | SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | HIGH | Aug 7, 2017 |
| CVE-2017-12566 | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c. | Medium | Aug 7, 2017 |
| CVE-2017-12565 | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | Medium | Aug 8, 2017 |
| CVE-2017-12564 | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. | Medium | Aug 9, 2017 |
| CVE-2017-12563 | In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. | High | Aug 8, 2017 |
| CVE-2017-12562 | Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | High | Aug 9, 2017 |
| CVE-2017-12561 | A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found. | HIGH | Feb 16, 2018 |
| CVE-2017-12560 | A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12559 | A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12558 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | HIGH | Feb 16, 2018 |
| CVE-2017-12557 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | HIGH | Feb 16, 2018 |
| CVE-2017-12556 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | HIGH | Feb 16, 2018 |
| CVE-2017-12555 | A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12554 | A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found. | HIGH | Feb 16, 2018 |
| CVE-2017-12553 | A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12552 | A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12551 | A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12550 | A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12549 | A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12548 | A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12547 | A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12546 | A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12545 | A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | HIGH | Feb 16, 2018 |
| CVE-2017-12544 | A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | LOW | Feb 16, 2018 |
| CVE-2017-12543 | A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. | MEDIUM | Feb 16, 2018 |
| CVE-2017-12542 | A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. | HIGH | Feb 16, 2018 |
| CVE-2017-12541 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12540 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12539 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12538 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12537 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12536 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12535 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12534 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12533 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12532 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12531 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
| CVE-2017-12530 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | High | Feb 23, 2018 |
