The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-12939 | A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. | HIGH | Aug 23, 2017 |
| CVE-2017-12938 | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | MEDIUM | Aug 18, 2017 |
| CVE-2017-12937 | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | Medium | Aug 23, 2017 |
| CVE-2017-12936 | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | Medium | Aug 20, 2017 |
| CVE-2017-12935 | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. | Medium | Aug 20, 2017 |
| CVE-2017-12934 | ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | MEDIUM | Aug 22, 2017 |
| CVE-2017-12933 | The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | HIGH | Aug 22, 2017 |
| CVE-2017-12932 | ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | HIGH | Aug 22, 2017 |
| CVE-2017-12930 | SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | HIGH | Sep 21, 2017 |
| CVE-2017-12929 | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | MEDIUM | Sep 21, 2017 |
| CVE-2017-12928 | A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials. | HIGH | Sep 21, 2017 |
| CVE-2017-12927 | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | Medium | Aug 20, 2017 |
| CVE-2017-12925 | Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | Medium | Sep 1, 2017 |
| CVE-2017-12924 | CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. | Medium | Sep 1, 2017 |
| CVE-2017-12923 | OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | Medium | Sep 1, 2017 |
| CVE-2017-12922 | wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | Medium | Sep 1, 2017 |
| CVE-2017-12921 | PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | Medium | Sep 1, 2017 |
| CVE-2017-12920 | CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | Medium | Sep 1, 2017 |
| CVE-2017-12919 | Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | Medium | Sep 1, 2017 |
| CVE-2017-12912 | The mpglibDBL/layer3.c file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. | MEDIUM | Sep 7, 2017 |
| CVE-2017-12911 | The apetag.c file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. | MEDIUM | Sep 7, 2017 |
| CVE-2017-12910 | SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. | High | Aug 20, 2017 |
| CVE-2017-12909 | SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | High | Aug 20, 2017 |
| CVE-2017-12908 | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. | High | Aug 20, 2017 |
| CVE-2017-12907 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. | Medium | Aug 20, 2017 |
| CVE-2017-12906 | Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. | MEDIUM | Sep 8, 2017 |
| CVE-2017-12905 | Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | HIGH | Sep 25, 2017 |
| CVE-2017-12904 | Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. | HIGH | Aug 23, 2017 |
| CVE-2017-12902 | The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | HIGH | Sep 14, 2017 |
| CVE-2017-12901 | The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). | HIGH | Sep 14, 2017 |
| CVE-2017-12900 | Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). | HIGH | Sep 14, 2017 |
| CVE-2017-12899 | The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). | HIGH | Sep 14, 2017 |
| CVE-2017-12898 | The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). | HIGH | Sep 14, 2017 |
| CVE-2017-12897 | The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). | HIGH | Sep 14, 2017 |
| CVE-2017-12896 | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | HIGH | Sep 14, 2017 |
| CVE-2017-12895 | The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). | HIGH | Sep 14, 2017 |
| CVE-2017-12894 | Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). | HIGH | Sep 14, 2017 |
| CVE-2017-12893 | The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). | HIGH | Sep 14, 2017 |
| CVE-2017-12892 | Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | MEDIUM | Aug 19, 2017 |
| CVE-2017-12885 | OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | MEDIUM | May 10, 2019 |
| CVE-2017-12884 | OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure. | MEDIUM | May 10, 2019 |
| CVE-2017-12883 | Buffer overflow in the regular expression parser in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) or leak data from memory via vectors involving use of RExC_parse in the vFAIL macro. | MEDIUM | Sep 19, 2017 |
| CVE-2017-12882 | Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. | LOW | Aug 19, 2017 |
| CVE-2017-12881 | Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | MEDIUM | Aug 19, 2017 |
| CVE-2017-12880 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11424. Reason: This candidate is a duplicate of CVE-2017-11424. Notes: All CVE users should reference CVE-2017-11424 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2017-12879 | Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. | LOW | Aug 24, 2017 |
| CVE-2017-12877 | Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | Medium | Aug 30, 2017 |
| CVE-2017-12876 | Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | Medium | Aug 30, 2017 |
| CVE-2017-12875 | The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. | High | Aug 31, 2017 |
| CVE-2017-12874 | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | Medium | Sep 6, 2017 |
