Search Results (12155 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7515 1 Freedesktop 1 Poppler 2025-04-20 N/A
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
CVE-2016-10149 3 Debian, Pysaml2 Project, Redhat 3 Debian Linux, Pysaml2, Openstack 2025-04-20 N/A
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CVE-2017-7664 1 Apache 1 Openmeetings 2025-04-20 N/A
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
CVE-2017-13151 1 Google 1 Android 2025-04-20 N/A
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.
CVE-2017-12138 1 Xoops 1 Xoops 2025-04-20 N/A
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
CVE-2017-14038 1 Crushftp 1 Crushftp 2025-04-20 N/A
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.
CVE-2017-0170 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2025-04-20 N/A
Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability".
CVE-2017-12135 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2025-04-20 N/A
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
CVE-2017-10889 1 Tablepress 1 Tablepress 2025-04-20 N/A
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2017-8185 1 Huawei 2 Me906s-158, Me906s-158 Firmware 2025-04-20 N/A
ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.
CVE-2017-14013 1 Prominent 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware 2025-04-20 N/A
A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.
CVE-2016-6805 1 Apache 1 Ignite 2025-04-20 N/A
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
CVE-2016-10003 1 Squid-cache 1 Squid 2025-04-20 7.5 High
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
CVE-2016-6020 1 Ibm 1 Sterling B2b Integrator 2025-04-20 N/A
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVE-2017-12216 1 Cisco 1 Socialminer 2025-04-20 N/A
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946.
CVE-2016-10127 1 Pysaml2 Project 1 Pysaml2 2025-04-20 N/A
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2017-13752 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13751 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13658 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
CVE-2017-13153 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.