Export limit exceeded: 363821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363821 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7552 | 1 Redhat | 1 Mobile Application Platform | 2025-04-20 | N/A |
| A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation. | ||||
| CVE-2017-7553 | 1 Redhat | 1 Mobile Application Platform | 2025-04-20 | N/A |
| The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints. | ||||
| CVE-2017-7554 | 1 Redhat | 1 Mobile Application Platform | 2025-04-20 | N/A |
| It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. | ||||
| CVE-2017-7555 | 2 Augeas, Redhat | 5 Augeas, Enterprise Linux, Rhel Aus and 2 more | 2025-04-20 | N/A |
| Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. | ||||
| CVE-2017-7556 | 1 Hawt | 1 Hawtio | 2025-04-20 | N/A |
| Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user. | ||||
| CVE-2017-7560 | 1 Redhat | 1 Rhnsd | 2025-04-20 | N/A |
| It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | ||||
| CVE-2017-7561 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-20 | N/A |
| Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. | ||||
| CVE-2017-7565 | 1 Splunk | 1 Hadoop Connect | 2025-04-20 | N/A |
| Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | ||||
| CVE-2017-7569 | 1 Vbulletin | 1 Vbulletin | 2025-04-20 | N/A |
| In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | ||||
| CVE-2017-7570 | 1 Pivotx | 1 Pivotx | 2025-04-20 | N/A |
| PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | ||||
| CVE-2017-7571 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2025-04-20 | 8.0 High |
| public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. | ||||
| CVE-2017-7572 | 1 Backintime Project | 1 Backintime | 2025-04-20 | N/A |
| The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester. | ||||
| CVE-2017-7576 | 1 Dragonwavex | 2 Horizon Wireless Radio, Horizon Wireless Radio Firmware | 2025-04-20 | 9.8 Critical |
| DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8. | ||||
| CVE-2017-7577 | 1 Xiongmaitech | 1 Uc-httpd | 2025-04-20 | N/A |
| XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | ||||
| CVE-2017-7578 | 1 Libming | 1 Libming | 2025-04-20 | N/A |
| Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831. | ||||
| CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | ||||
| CVE-2017-7581 | 1 News System Project | 1 News System | 2025-04-20 | N/A |
| SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | ||||
| CVE-2017-7583 | 1 Ilias | 1 Ilias | 2025-04-20 | N/A |
| ILIAS before 5.2.3 has XSS via SVG documents. | ||||
| CVE-2017-7584 | 1 Foxitsoftware | 1 Foxit Pdf Toolkit | 2025-04-20 | N/A |
| Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. | ||||
| CVE-2017-7585 | 1 Libsndfile Project | 1 Libsndfile | 2025-04-20 | N/A |
| In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | ||||