Export limit exceeded: 10706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12017 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12017 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8710 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-20 N/A
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".
CVE-2017-14725 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
CVE-2017-6267 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 N/A
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.
CVE-2017-16761 1 Inedo 1 Buildmaster 2025-04-20 N/A
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
CVE-2017-9617 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
CVE-2017-11390 1 Trendmicro 1 Control Manager 2025-04-20 N/A
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.
CVE-2017-8372 1 Underbit 1 Mad Libmad 2025-04-20 N/A
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.
CVE-2017-1103 1 Ibm 2 Rational Quality Manager, Rational Team Concert 2025-04-20 N/A
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.
CVE-2017-16227 2 Debian, Quagga 2 Debian Linux, Quagga 2025-04-20 N/A
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
CVE-2017-15897 1 Nodejs 1 Node.js 2025-04-20 3.1 Low
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
CVE-2017-1156 1 Ibm 1 Websphere Portal 2025-04-20 N/A
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
CVE-2017-11556 1 Libsass 1 Libsass 2025-04-20 N/A
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.
CVE-2017-11554 1 Libsass 1 Libsass 2025-04-20 N/A
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
CVE-2017-11537 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
CVE-2017-1149 1 Ibm 1 Urbancode Deploy 2025-04-20 N/A
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202.
CVE-2017-11482 1 Elastic 1 Kibana 2025-04-20 N/A
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
CVE-2017-11457 1 Sap 1 Netweaver Application Server Java 2025-04-20 6.5 Medium
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
CVE-2017-1000135 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
CVE-2017-1000131 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
CVE-2017-11368 3 Fedoraproject, Mit, Redhat 4 Fedora, Kerberos, Kerberos 5 and 1 more 2025-04-20 N/A
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.