Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 23535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12213 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12213 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14101 1 Changehealthcare 1 Conserus Image Repository 2025-04-20 N/A
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.
CVE-2017-14038 1 Crushftp 1 Crushftp 2025-04-20 N/A
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.
CVE-2017-14013 1 Prominent 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware 2025-04-20 N/A
A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.
CVE-2017-14007 1 Prominent 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware 2025-04-20 N/A
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.
CVE-2014-0225 3 Pivotal Software, Redhat, Vmware 4 Spring Framework, Jboss Amq, Jboss Fuse and 1 more 2025-04-20 N/A
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
CVE-2017-14005 1 Prominent 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware 2025-04-20 N/A
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.
CVE-2017-1398 1 Ibm 1 Websphere Commerce 2025-04-20 N/A
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.
CVE-2017-1383 1 Ibm 2 Infosphere Information Server, Softlayer 2025-04-20 N/A
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.
CVE-2016-8376 1 Kabona Ab 1 Webdatorcentral 2025-04-20 N/A
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities.
CVE-2016-8368 1 Mitsubishielectric 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more 2025-04-20 8.6 High
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock.
CVE-2017-1322 1 Ibm 1 Api Connect 2025-04-20 N/A
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.
CVE-2016-8348 1 Emerson 1 Liebert Sitescan Web 2025-04-20 N/A
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.
CVE-2017-13153 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.
CVE-2017-13151 1 Google 1 Android 2025-04-20 N/A
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.
CVE-2014-8119 3 Fedoraproject, Netcf Project, Redhat 3 Fedora, Netcf, Enterprise Linux 2025-04-20 N/A
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
CVE-2017-13143 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
CVE-2017-13132 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.
CVE-2017-1254 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634.
CVE-2014-9942 1 Google 1 Android 2025-04-20 N/A
In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.
CVE-2015-3880 1 Phpbb 1 Phpbb 2025-04-20 N/A
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.