Latest CVE Feed
-
4.3
MEDIUMCVE-2017-5118
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a craf... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5080
A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
3.5
LOWCVE-2017-5190
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.... Read more
Affected Products : access_manager- Published: Apr. 20, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5088
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-5107
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-5160
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.... Read more
Affected Products : wonderware_intouch_access_anywhere- Published: Apr. 20, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-5102
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-5101
Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5114
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-5109
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-5146
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.... Read more
- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-5165
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized a... Read more
- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5122
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
9.1
CRITICALCVE-2017-5135
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community ... Read more
- Published: Apr. 27, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5108
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5140
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.... Read more
- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-5162
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.... Read more
- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5159
An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to... Read more
Affected Products : mguard_firmware- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5139
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.... Read more
- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
10.0
CRITICALCVE-2017-5145
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on... Read more
- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025