Search Results (12174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8739 2 Apache, Redhat 3 Cxf, Jboss Amq, Jboss Fuse 2025-04-20 N/A
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.
CVE-2016-8763 1 Huawei 6 P8 Lite, P8 Lite Firmware, P9 and 3 more 2025-04-20 N/A
The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation.
CVE-2016-9691 1 Ibm 1 Websphere Cast Iron Solution 2025-04-20 N/A
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.
CVE-2016-9698 1 Ibm 1 Rational Rhapsody Design Manager 2025-04-20 N/A
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.
CVE-2016-9706 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 N/A
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.
CVE-2016-9707 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 N/A
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.
CVE-2016-9724 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537.
CVE-2017-0211 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2025-04-20 N/A
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."
CVE-2017-0215 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 N/A
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
CVE-2017-0342 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 N/A
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.
CVE-2017-0375 1 Torproject 1 Tor 2025-04-20 N/A
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
CVE-2017-0376 2 Debian, Torproject 2 Debian Linux, Tor 2025-04-20 N/A
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
CVE-2017-1000013 1 Phpmyadmin 1 Phpmyadmin 2025-04-20 N/A
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
CVE-2017-1000021 1 Logicaldoc 1 Logicaldoc 2025-04-20 N/A
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.
CVE-2017-1000027 1 Koozali 1 Sme Server 2025-04-20 N/A
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.
CVE-2017-1000061 2 Redhat, Xmlsec Project 2 Enterprise Linux, Xmlsec 2025-04-20 N/A
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
CVE-2017-1000070 1 Oauth2 Proxy Project 1 Oauth2 Proxy 2025-04-20 N/A
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819
CVE-2017-1000117 2 Git-scm, Redhat 4 Git, Enterprise Linux, Mobile Application Platform and 1 more 2025-04-20 N/A
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
CVE-2017-1000135 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
CVE-2017-1000136 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.