Export limit exceeded: 365174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12875 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVE-2017-12876 1 Imagemagick 1 Imagemagick 2025-04-20 6.5 Medium
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVE-2017-12877 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2025-04-20 6.5 Medium
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVE-2017-12879 1 Paessler 1 Prtg Network Monitor 2025-04-20 N/A
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.
CVE-2017-12881 1 Spring Batch Admin Project 1 Spring Batch Admin 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
CVE-2017-12882 1 Spring Batch Admin Project 1 Spring Batch Admin 2025-04-20 N/A
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
CVE-2017-12883 1 Perl 1 Perl 2025-04-20 N/A
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
CVE-2017-1289 2 Ibm, Redhat 3 Sdk, Network Satellite, Rhel Extras 2025-04-20 N/A
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
CVE-2017-12892 1 Foxitsoftware 1 Pdf Compressor 2025-04-20 7.8 High
Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
CVE-2017-1290 1 Ibm 1 Openpages Grc Platform 2025-04-20 N/A
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.
CVE-2017-12900 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-04-20 N/A
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().
CVE-2017-12904 2 Debian, Newsbeuter 2 Debian Linux, Newsbeuter 2025-04-20 N/A
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
CVE-2017-12905 1 Vebto 1 Pixie - Image Editor 2025-04-20 10.0 Critical
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
CVE-2017-12906 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.
CVE-2017-12907 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
CVE-2017-12908 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
CVE-2017-12909 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2017-1291 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2025-04-20 N/A
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
CVE-2017-12910 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
CVE-2017-12911 1 Mp3gain 1 Mp3gain 2025-04-20 N/A
The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.