Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12634 2 Apache, Redhat 3 Camel, Jboss Amq, Jboss Fuse 2025-04-20 N/A
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2017-12635 1 Apache 1 Couchdb 2025-04-20 N/A
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
CVE-2017-12636 1 Apache 1 Couchdb 2025-04-20 N/A
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
CVE-2017-12650 1 Loginizer 1 Loginizer 2025-04-20 N/A
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
CVE-2017-12638 1 Ipswitch 1 Imail Server 2025-04-20 N/A
Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE.
CVE-2017-12639 1 Ipswitch 1 Imail Server 2025-04-20 N/A
Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED.
CVE-2017-1264 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.
CVE-2017-12640 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 8.8 High
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
CVE-2017-12641 1 Imagemagick 1 Imagemagick 2025-04-20 8.8 High
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
CVE-2017-12642 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
CVE-2017-12651 1 Loginizer 1 Loginizer 2025-04-20 N/A
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.
CVE-2017-12643 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 6.5 Medium
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
CVE-2017-12644 1 Imagemagick 1 Imagemagick 2025-04-20 8.8 High
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
CVE-2017-12645 1 Liferay 1 Liferay Portal 2025-04-20 N/A
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
CVE-2017-12646 1 Liferay 1 Liferay Portal 2025-04-20 N/A
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
CVE-2017-12647 1 Liferay 1 Liferay Portal 2025-04-20 N/A
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
CVE-2017-12648 1 Liferay 1 Liferay Portal 2025-04-20 N/A
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
CVE-2017-12649 1 Liferay 1 Liferay Portal 2025-04-20 N/A
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
CVE-2017-12653 1 360totalsecurity 1 360 Total Security 2025-04-20 N/A
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
CVE-2017-12654 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.