Search Results (12202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1322 1 Ibm 1 Api Connect 2025-04-20 N/A
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.
CVE-2017-14358 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2025-04-20 N/A
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.
CVE-2017-14649 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 N/A
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
CVE-2017-14681 1 P3scan Project 1 P3scan 2025-04-20 N/A
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.
CVE-2017-14725 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
CVE-2017-14759 1 Opentext 1 Document Sciences Xpression 2025-04-20 N/A
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
CVE-2017-1477 1 Ibm 1 Security Access Manager 9.0 Firmware 2025-04-20 N/A
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.
CVE-2017-14861 1 Exiv2 1 Exiv2 2025-04-20 N/A
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
CVE-2017-14868 1 Restlet 1 Restlet 2025-04-20 N/A
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
CVE-2017-1489 1 Ibm 6 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web and 3 more 2025-04-20 N/A
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
CVE-2017-14895 1 Google 1 Android 2025-04-20 N/A
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.
CVE-2017-1558 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2025-04-20 N/A
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.
CVE-2017-15592 1 Xen 1 Xen 2025-04-20 N/A
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-15639 1 Getmura 1 Mura Cms 2025-04-20 N/A
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
CVE-2017-16419 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2025-04-20 N/A
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.
CVE-2017-16569 1 Zurmo 1 Zurmo Crm 2025-04-20 N/A
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
CVE-2017-17087 3 Canonical, Debian, Vim 3 Ubuntu Linux, Debian Linux, Vim 2025-04-20 5.5 Medium
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
CVE-2017-17852 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 7.8 High
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.
CVE-2017-17853 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 7.8 High
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
CVE-2017-2217 1 W3eden 1 Download Manager 2025-04-20 N/A
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.