Export limit exceeded: 12157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12157 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-13751 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-0544 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.
CVE-2014-3630 2 Lightbend, Playframework 2 Play Framework, Play Framework 2025-04-20 N/A
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
CVE-2016-9691 1 Ibm 1 Websphere Cast Iron Solution 2025-04-20 N/A
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.
CVE-2015-4070 1 Wow New Media 1 Wow Moodboard Lite 2025-04-20 N/A
Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE-2017-2308 1 Juniper 1 Junos Space 2025-04-20 N/A
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
CVE-2016-7433 2 Ntp, Redhat 2 Ntp, Enterprise Linux 2025-04-20 N/A
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
CVE-2017-14101 1 Changehealthcare 1 Conserus Image Repository 2025-04-20 N/A
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.
CVE-2017-14102 1 Mimedefang 1 Mimedefang 2025-04-20 N/A
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts.
CVE-2017-5615 1 Cpanel 2 Cgiecho, Cgiemail 2025-04-20 N/A
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
CVE-2017-5634 1 Norwegian-air 1 Norwegian Air Kiosk 2025-04-20 N/A
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
CVE-2015-5608 1 Joomla 1 Joomla\! 2025-04-20 N/A
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
CVE-2017-18005 3 Debian, Exiv2, Redhat 3 Debian Linux, Exiv2, Enterprise Linux 2025-04-20 5.5 Medium
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
CVE-2017-14759 1 Opentext 1 Document Sciences Xpression 2025-04-20 N/A
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
CVE-2017-6895 1 Usb Pratirodh Project 1 Usb Pratirodh 2025-04-20 N/A
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.
CVE-2017-1477 1 Ibm 1 Security Access Manager 9.0 Firmware 2025-04-20 N/A
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.
CVE-2016-9262 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
CVE-2017-2766 1 Emc 1 Documentum Eroom 2025-04-20 N/A
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-14868 1 Restlet 1 Restlet 2025-04-20 N/A
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
CVE-2017-14895 1 Google 1 Android 2025-04-20 N/A
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.