LiveActive security incident?Get immediate response
CVE archive

2017 CVE Archive

Browse CVE records published in 2017 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 14752 matching CVEs · Page 2 of 296.

Medium · CVSS 6.1

CVE-2017-14850: All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stor...

All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him.

Published Jun 3, 2019 · Updated Jun 2, 2026

Critical · CVSS 9.3

CVE-2017-20198: DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse

The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.

Published Jul 23, 2025 · Updated May 15, 2026

High · CVSS 7.1

CVE-2017-20238: Hirschmann Industrial HiVision Improper Authorization Privilege Escalation

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.

Published Apr 3, 2026 · Updated May 14, 2026

Critical · CVSS 9.8

CVE-2017-20237: Hirschmann Industrial HiVision Authentication Bypass Remote Code Execution

Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system.

Published Apr 3, 2026 · Updated May 14, 2026

Critical · CVSS 9.8

CVE-2017-20236: ProSoft Technology ICX35-HWC Command Injection via Web Interface

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.

Published Apr 3, 2026 · Updated May 14, 2026

Critical · CVSS 9.3

CVE-2017-20235: ProSoft Technology ICX35-HWC Authentication Bypass

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.

Published Apr 3, 2026 · Updated May 14, 2026

Medium · CVSS 5.4

CVE-2017-20233: Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass

Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall.

Published Apr 3, 2026 · Updated May 12, 2026

Low · CVSS 3.3

CVE-2017-2404: An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.

Published Apr 2, 2017 · Updated May 9, 2026

Critical · CVSS 10

CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

Published Apr 21, 2026 · Updated Apr 21, 2026

Medium · CVSS 6.5

CVE-2017-1000101: curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over...

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.

Published Oct 4, 2017 · Updated Apr 16, 2026

Low · CVSS 2.4

CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to ob...

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

Published Apr 3, 2017 · Updated Apr 16, 2026

Medium · CVSS 6.5

CVE-2017-1000100: When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than...

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.

Published Oct 4, 2017 · Updated Apr 16, 2026

Critical · CVSS 9.1

CVE-2017-1000257: An IMAP FETCH response line indicates the size of the returned data, in number of bytes.

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.

Published Oct 31, 2017 · Updated Apr 15, 2026

Medium · CVSS 6.1

CVE-2017-20239: MDwiki Cross-Site Scripting via Location Hash Parameter

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context.

Published Apr 12, 2026 · Updated Apr 13, 2026

Critical · CVSS 9.8

CVE-2017-20208: RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expired_by_date() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to fetch a remote file and install it on the site.

Published Oct 18, 2025 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2017-20207: Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.

Published Oct 18, 2025 · Updated Apr 8, 2026

Medium · CVSS 4.7

CVE-2017-20193: Product Vendors <= 2.0.35 - Reflected Cross Site Scripting

The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Published Oct 16, 2024 · Updated Apr 8, 2026

High · CVSS 8.3

CVE-2017-20192: Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.

Published Oct 16, 2024 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2017-20206: Appointments <= 2.2.1 - Unauthenticated PHP Object Injection

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.

Published Oct 18, 2025 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2017-20223: Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

Published Mar 16, 2026 · Updated Apr 7, 2026

High · CVSS 8.7

CVE-2017-20222: Telesquare SKT LTE Router SDT-CS3B1 Unauthenticated Remote Reboot

Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.

Published Mar 16, 2026 · Updated Apr 7, 2026

Medium · CVSS 5.3

CVE-2017-20221: Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.

Published Mar 16, 2026 · Updated Apr 7, 2026

Critical · CVSS 9.8

CVE-2017-20216: FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Unauthenticated Remote Command Injection

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC).

Published Jan 7, 2026 · Updated Apr 7, 2026

High · CVSS 8.7

CVE-2017-20213: FLIR Thermal Camera F/FC/PT/D Stream 8.0.0.64 Unauthenticated Stream Disclosure

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

Published Jan 7, 2026 · Updated Apr 7, 2026

High · CVSS 8.7

CVE-2017-20212: FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

Published Jan 7, 2026 · Updated Apr 7, 2026

Critical · CVSS 9.8

CVE-2017-20234: GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String

GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.

Published Apr 3, 2026 · Updated Apr 6, 2026

Critical · CVSS 9.8

CVE-2017-20227: JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.

Published Mar 28, 2026 · Updated Apr 1, 2026

High · CVSS 8.6

CVE-2017-20228: Flat Assembler 1.71.21 Stack-Based Buffer Overflow ROP

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute return-oriented programming chains for shell command execution.

Published Mar 28, 2026 · Updated Mar 30, 2026

Critical · CVSS 9.8

CVE-2017-20225: TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability

TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2017-20226: Mapscrn 2.0.3 Stack-Based Buffer Overflow

Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.

Published Mar 28, 2026 · Updated Mar 30, 2026

Critical · CVSS 9.8

CVE-2017-20229: MAWK 1.3.3-17 Stack-Based Buffer Overflow

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.7

CVE-2017-20217: Serviio PRO 1.8 REST API Information Disclosure

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 8.5

CVE-2017-20218: Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.

Published Mar 15, 2026 · Updated Mar 16, 2026

Medium · CVSS 6.1

CVE-2017-20219: Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 8.7

CVE-2017-20220: Serviio PRO 1.8 Unauthenticated Password Change via REST API

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.

Published Mar 15, 2026 · Updated Mar 16, 2026