Export limit exceeded: 365307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4312 1 Wso2 1 Identity Server 2025-04-20 N/A
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials.
CVE-2016-4857 1 Splunk 1 Splunk 2025-04-20 N/A
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2017-1002150 1 Fedoraproject 1 Python-fedora 2025-04-20 N/A
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection
CVE-2017-16419 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2025-04-20 N/A
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.
CVE-2017-1383 1 Ibm 2 Infosphere Information Server, Softlayer 2025-04-20 N/A
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.
CVE-2016-10371 1 Libtiff 1 Libtiff 2025-04-20 N/A
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
CVE-2016-9399 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Leap 2025-04-20 7.5 High
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-8915 1 Sap 1 Hana Xs 2025-04-20 N/A
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.
CVE-2016-9398 4 Fedoraproject, Jasper Project, Opensuse and 1 more 6 Fedora, Jasper, Leap and 3 more 2025-04-20 7.5 High
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9397 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-16569 1 Zurmo 1 Zurmo Crm 2025-04-20 N/A
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
CVE-2017-8932 5 Fedoraproject, Golang, Novell and 2 more 5 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 2 more 2025-04-20 N/A
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
CVE-2017-16660 1 Cacti 1 Cacti 2025-04-20 N/A
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
CVE-2017-16761 1 Inedo 1 Buildmaster 2025-04-20 N/A
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
CVE-2016-9396 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
CVE-2016-9395 1 Jasper Project 1 Jasper 2025-04-20 N/A
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9394 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-7038 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
CVE-2017-9304 1 Virustotal 1 Yara 2025-04-20 N/A
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
CVE-2016-9392 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.