Export limit exceeded: 21145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12173 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12173 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-22569 3 Google, Oracle, Redhat 14 Google-protobuf, Protobuf-java, Protobuf-kotlin and 11 more 2025-04-21 7.5 High
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
CVE-2021-22572 1 Google 1 Data Transfer Project 2025-04-21 5.5 Medium
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969
CVE-2022-40150 3 Debian, Jettison Project, Redhat 11 Debian Linux, Jettison, Amq Streams and 8 more 2025-04-21 6.5 Medium
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
CVE-2022-46144 1 Siemens 12 6gk5622-2gs00-2ac2, 6gk5622-2gs00-2ac2 Firmware, 6gk5626-2gs00-2ac2 and 9 more 2025-04-21 6.5 Medium
A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V2.0.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive.
CVE-2017-9499 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-6055 1 Eparaksts 1 Eparakstitajs 3 2025-04-20 N/A
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file.
CVE-2017-9543 1 Echatserver 1 Easy Chat Server 2025-04-20 7.5 High
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
CVE-2017-9501 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9500 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-0745 1 Google 1 Android 2025-04-20 N/A
A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.
CVE-2017-9464 1 Piwigo 1 Piwigo 2025-04-20 N/A
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.
CVE-2017-9458 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2017-9096 1 Itextpdf 1 Itext 2025-04-20 N/A
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CVE-2017-9438 1 Virustotal 1 Yara 2025-04-20 N/A
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
CVE-2017-1149 1 Ibm 1 Urbancode Deploy 2025-04-20 N/A
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202.
CVE-2017-10910 1 Mqtt.js Project 1 Mqtt.js 2025-04-20 N/A
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.
CVE-2017-8710 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-20 N/A
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".
CVE-2017-8621 1 Microsoft 1 Exchange Server 2025-04-20 N/A
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".
CVE-2017-8613 1 Microsoft 1 Azure Active Directory Connect 2025-04-20 N/A
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."
CVE-2017-8576 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 N/A
The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability."