Export limit exceeded: 362705 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 26235 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26235 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6094 1 Genexis 1 Gaps 2025-04-20 N/A
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2.
CVE-2016-9165 1 Ca 2 Unified Infrastructure Management, Unified Infrastructure Management Snap 2025-04-20 N/A
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
CVE-2017-7606 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-12775 1 Question2answer 1 Question2answer 2025-04-20 N/A
qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts.
CVE-2017-14589 1 Atlassian 1 Bamboo 2025-04-20 N/A
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.
CVE-2017-15185 1 Libmp3splt Project 1 Libmp3splt 2025-04-20 N/A
plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2017-6837 1 Audiofile 1 Audiofile 2025-04-20 N/A
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.
CVE-2017-1126 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 N/A
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
CVE-2016-5988 1 Ibm 1 Security Privileged Identity Manager 2025-04-20 N/A
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
CVE-2017-0872 1 Google 1 Android 2025-04-20 N/A
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.
CVE-2017-0873 1 Google 1 Android 2025-04-20 N/A
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.
CVE-2016-10351 1 Telegram Desktop 1 Telegram Desktop 2025-04-20 N/A
Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations.
CVE-2017-12676 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVE-2017-11782 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 N/A
The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability".
CVE-2017-12670 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
CVE-2017-1267 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.
CVE-2017-15121 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2025-04-20 N/A
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
CVE-2017-14511 1 Sap 1 E-recruiting 2025-04-20 N/A
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798.
CVE-2016-10362 1 Elasticsearch 1 Output Plugin 2025-04-20 N/A
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
CVE-2017-14509 1 Sugarcrm 1 Sugarcrm 2025-04-20 N/A
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.