Export limit exceeded: 364818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14055 1 Ffmpeg 1 Ffmpeg 2025-04-20 N/A
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.
CVE-2017-14056 1 Ffmpeg 1 Ffmpeg 2025-04-20 N/A
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.
CVE-2017-14057 1 Ffmpeg 1 Ffmpeg 2025-04-20 N/A
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.
CVE-2017-14058 1 Ffmpeg 1 Ffmpeg 2025-04-20 N/A
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).
CVE-2017-14059 1 Ffmpeg 1 Ffmpeg 2025-04-20 N/A
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
CVE-2017-14060 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
CVE-2017-14061 1 Gnu 1 Libidn2 2025-04-20 N/A
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2017-14062 2 Debian, Gnu 2 Debian Linux, Libidn2 2025-04-20 9.8 Critical
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2017-14063 2 Asynchttpclient Project, Redhat 2 Async-http-client, Jboss Fuse 2025-04-20 N/A
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.
CVE-2017-14064 4 Canonical, Debian, Redhat and 1 more 11 Ubuntu Linux, Debian Linux, Enterprise Linux and 8 more 2025-04-20 N/A
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
CVE-2017-14069 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
CVE-2017-1407 1 Ibm 3 Security Identity Governance And Intelligence, Security Identity Manager, Security Privileged Identity Manager 2025-04-20 8.8 High
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.
CVE-2017-14070 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
CVE-2017-14075 1 Jungo 1 Windriver 2025-04-20 N/A
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
CVE-2017-14077 1 Phpcaptcha 1 Securimage 2025-04-20 N/A
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
CVE-2017-14078 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14079 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14080 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
CVE-2017-14081 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14083 1 Trendmicro 1 Officescan 2025-04-20 N/A
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.