Search

Search Results (363619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12962 1 Libsass 1 Libsass 2025-04-20 N/A
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.
CVE-2017-12963 1 Libsass 1 Libsass 2025-04-20 N/A
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24).
CVE-2017-12964 1 Libsass 1 Libsass 2025-04-20 N/A
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack.
CVE-2017-12965 1 Apache2triad 1 Apache2triad 2025-04-20 N/A
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVE-2017-12966 1 Asn1c Project 1 Asn1c 2025-04-20 N/A
The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file.
CVE-2017-12967 1 Gnu 1 Binutils 2025-04-20 N/A
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.
CVE-2017-12969 1 Avaya 1 Ip Office Contact Center 2025-04-20 N/A
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
CVE-2017-1297 3 Ibm, Linux, Microsoft 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more 2025-04-20 N/A
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
CVE-2017-12970 1 Apache2triad 1 Apache2triad 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
CVE-2017-12971 1 Apache2triad 1 Apache2triad 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
CVE-2017-12972 1 Connect2id 1 Nimbus Jose\+jwt 2025-04-20 N/A
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
CVE-2017-12973 1 Connect2id 1 Nimbus Jose\+jwt 2025-04-20 N/A
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
CVE-2017-12974 1 Connect2id 1 Nimbus Jose\+jwt 2025-04-20 N/A
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.
CVE-2017-12976 1 Git-annex Project 1 Git-annex 2025-04-20 N/A
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
CVE-2017-12977 1 10web 1 Photo Gallery 2025-04-20 N/A
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
CVE-2017-12978 1 Cacti 1 Cacti 2025-04-20 N/A
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVE-2017-12979 1 Dokuwiki 1 Dokuwiki 2025-04-20 N/A
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
CVE-2017-12980 1 Dokuwiki 1 Dokuwiki 2025-04-20 N/A
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.
CVE-2017-12981 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
CVE-2017-12982 1 Uclouvain 1 Openjpeg 2025-04-20 5.5 Medium
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.