Export limit exceeded: 364834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364834 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7208 1 Libav 1 Libav 2025-04-20 N/A
The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.
CVE-2017-7210 1 Gnu 1 Binutils 2025-04-20 N/A
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVE-2017-7213 1 Zohocorp 1 Manageengine Desktop Central 2025-04-20 N/A
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
CVE-2017-7214 2 Openstack, Redhat 2 Nova, Openstack 2025-04-20 N/A
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
CVE-2017-7215 1 Misp Project 1 Misp 2025-04-20 N/A
Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML.
CVE-2017-7216 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.
CVE-2017-7217 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
CVE-2017-7218 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
CVE-2017-7219 1 Citrix 2 Netscaler Gateway, Netscaler Gateway Firmware 2025-04-20 N/A
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.
CVE-2017-7220 1 Opentext 1 Documentum Content Server 2025-04-20 N/A
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532.
CVE-2017-7222 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).
CVE-2017-7223 1 Gnu 1 Binutils 2025-04-20 N/A
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
CVE-2017-7224 1 Gnu 1 Binutils 2025-04-20 N/A
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
CVE-2017-7225 1 Gnu 1 Binutils 2025-04-20 N/A
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
CVE-2017-7226 1 Gnu 1 Binutils 2025-04-20 N/A
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.
CVE-2017-7227 1 Gnu 1 Binutils 2025-04-20 N/A
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
CVE-2017-7228 1 Xen 1 Xen 2025-04-20 N/A
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
CVE-2017-7229 1 Vaultive 1 Office 365 Security 2025-04-20 N/A
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure).
CVE-2017-7230 1 Disksorter 1 Disk Sorter 2025-04-20 N/A
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
CVE-2017-7231 1 Pngdefry Project 1 Pngdefry 2025-04-20 N/A
pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process()' function of the 'pngdefry.c' source file.