Export limit exceeded: 362704 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3173 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9394 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | ||||
| CVE-2016-9392 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | ||||
| CVE-2017-12216 | 1 Cisco | 1 Socialminer | 2025-04-20 | N/A |
| A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. | ||||
| CVE-2016-9390 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | ||||
| CVE-2017-13727 | 1 Libtiff | 1 Libtiff | 2025-04-20 | N/A |
| There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2017-1219 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
| IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. | ||||
| CVE-2016-7051 | 1 Fasterxml | 1 Jackson-dataformat-xml | 2025-04-20 | 8.6 High |
| XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. | ||||
| CVE-2017-12168 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | 6.0 Medium |
| The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). | ||||
| CVE-2017-12960 | 1 Gnu | 1 Pspp | 2025-04-20 | N/A |
| There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | ||||
| CVE-2017-11692 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2025-04-20 | N/A |
| The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. | ||||
| CVE-2015-5171 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2025-04-20 | 9.8 Critical |
| The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions. | ||||
| CVE-2016-9389 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). | ||||
| CVE-2017-11368 | 3 Fedoraproject, Mit, Redhat | 4 Fedora, Kerberos, Kerberos 5 and 1 more | 2025-04-20 | N/A |
| In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | ||||
| CVE-2017-7664 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | ||||
| CVE-2017-12629 | 4 Apache, Canonical, Debian and 1 more | 9 Solr, Ubuntu Linux, Debian Linux and 6 more | 2025-04-20 | 9.8 Critical |
| Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. | ||||
| CVE-2017-10889 | 1 Tablepress | 1 Tablepress | 2025-04-20 | N/A |
| TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2015-7241 | 1 Sap | 1 Netweaver | 2025-04-20 | N/A |
| XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | ||||
| CVE-2017-5661 | 1 Apache | 1 Formatting Objects Processor | 2025-04-20 | N/A |
| In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. | ||||
| CVE-2014-7851 | 2 Ovirt, Redhat | 3 Ovirt, Ovirt-engine, Rhev Manager | 2025-04-20 | N/A |
| oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | ||||
| CVE-2017-3548 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-20 | N/A |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). | ||||